4fa81d2cf99c324146974fb8a3000c9e0df870fd7f97fbf8a2f2fcdbb339acc9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

x64_x32_installer__v4.3.5.msi
Size

34.2MB
Sample

240825-rpe8hszgpl
MD5

c864f211a0c12446583e7b200b7d5d7d
SHA1

0919ef1b3f8b3bcd981f4e9eb6607860e128e989
SHA256

4fa81d2cf99c324146974fb8a3000c9e0df870fd7f97fbf8a2f2fcdbb339acc9
SHA512

e3506504b779605198bbe70473758b8ca04a24d47504da7ed24d8d048a2ab72b01f1011eaded3b70eeff371dae4f48382735c5cf80e18370f3a5e546062f4f3d
SSDEEP

786432:it9KUyTDXySTjxA4Ztx2+G+N0WYQYBXPByttH+dktHEDv0y8YBf:it9m7xVLYjsp+ikJ8YB

Score

6^/10

discovery persistence privilege_escalation

Malware Config

Targets

- Target
  
  x64_x32_installer__v4.3.5.msi
- Size
  
  34.2MB
- MD5
  
  c864f211a0c12446583e7b200b7d5d7d
- SHA1
  
  0919ef1b3f8b3bcd981f4e9eb6607860e128e989
- SHA256
  
  4fa81d2cf99c324146974fb8a3000c9e0df870fd7f97fbf8a2f2fcdbb339acc9
- SHA512
  
  e3506504b779605198bbe70473758b8ca04a24d47504da7ed24d8d048a2ab72b01f1011eaded3b70eeff371dae4f48382735c5cf80e18370f3a5e546062f4f3d
- SSDEEP
  
  786432:it9KUyTDXySTjxA4Ztx2+G+N0WYQYBXPByttH+dktHEDv0y8YBf:it9m7xVLYjsp+ikJ8YB
Score

6^/10

discovery persistence privilege_escalation
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Installer Packages

Privilege Escalation

Event Triggered Execution

Installer Packages

Defense Evasion

System Binary Proxy Execution

Msiexec

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistenceprivilege_escalation

behavioral2

discoverypersistenceprivilege_escalation