General

Target: 1dd7892458eab123c341452aff6f4d817f290efc7f8c97b76bdb78e1e1fcf8d2.msi
Size: 4.0MB
Sample: 241002-bfannsyhrk
MD5: 087d510f4d69f6faa479e4919f51a175
SHA1: 084c49d7c83b257aacf8c94b28b992c326a2ad09
SHA256: 1dd7892458eab123c341452aff6f4d817f290efc7f8c97b76bdb78e1e1fcf8d2
SHA512: 0621648c405f3670c11dc08349bb69dfd83c3cebb719b2dd5b0adfb5878205805b308608b79728fed53ac33d67c726d7951c71dcce4fcd0c3bef04fb1340140c
SSDEEP: 98304:zYlRGJAeTgvVgl4GVRtc6gMwt9HQTFdoVXI0+S:k28gjzngPtFGe9W
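Before a copy of this sample goes anywhere near a sandbox or a disassembler, it is worth confirming it is the file the report describes. The Python below is an added example, not code from the report or the sandbox: it recomputes the four digests listed above and compares them with the report's values, checks that the file name (which sandboxes conventionally set to the SHA256) agrees with the content, and checks the Compound File Binary signature that every MSI package carries. SSDEEP is deliberately not recomputed, since that needs the ssdeep library; the `main` entry point and the `REPORT` table are this example's own.

```python
"""Confirm a downloaded sample is the file this report describes.

Added example, not part of the sandbox report. Recomputes the report's
digests, checks the SHA256-as-filename convention, and checks the CFB magic
that MSI packages carry. SSDEEP is left out (needs the ssdeep library).
"""
from __future__ import annotations

import hashlib
import sys
from pathlib import Path

# Values copied from the report's General section.
REPORT = {
    "md5": "087d510f4d69f6faa479e4919f51a175",
    "sha1": "084c49d7c83b257aacf8c94b28b992c326a2ad09",
    "sha256": "1dd7892458eab123c341452aff6f4d817f290efc7f8c97b76bdb78e1e1fcf8d2",
    "sha512": "0621648c405f3670c11dc08349bb69dfd83c3cebb719b2dd5b0adfb5878205805b308608b79728fed53ac33d67c726d7951c71dcce4fcd0c3bef04fb1340140c",
}

# OLE2 / Compound File Binary header; MSI packages are CFB containers.
CFB_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")


def compute_hashes(data: bytes) -> dict[str, str]:
    """Hex digests for the four algorithms the report lists."""
    return {
        name: hashlib.new(name, data).hexdigest()
        for name in ("md5", "sha1", "sha256", "sha512")
    }


def compare_with_report(data: bytes, report: dict[str, str] = REPORT) -> dict[str, tuple[str, str]]:
    """Map algorithm -> (expected, actual) for every digest that disagrees."""
    actual = compute_hashes(data)
    return {
        name: (expected, actual[name])
        for name, expected in report.items()
        if actual[name] != expected.lower()
    }


def is_cfb(data: bytes) -> bool:
    """True when the file starts with the CFB signature (MSI, but also DOC/XLS)."""
    return data[:8] == CFB_MAGIC


def name_matches_sha256(filename: str, data: bytes) -> bool:
    """Sandboxes name samples by SHA256; catch a renamed or stale file."""
    return Path(filename).stem.lower() == hashlib.sha256(data).hexdigest()


def main(path: str) -> int:
    data = Path(path).read_bytes()
    mismatches = compare_with_report(data)
    print(f"size: {len(data)} bytes, CFB container: {is_cfb(data)}")
    print(f"name matches content: {name_matches_sha256(path, data)}")
    for name, (expected, actual) in mismatches.items():
        print(f"{name}: expected {expected}, got {actual}")
    return 1 if mismatches else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1]))
```

Run it as `python verify.py 1dd7892458eab123c341452aff6f4d817f290efc7f8c97b76bdb78e1e1fcf8d2.msi`; a non-zero exit means at least one digest disagrees with the report. The CFB check only proves the file is an OLE container, not that it is a well-formed installer, so treat it as a sanity check rather than a format validation.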
Static task: static1

Behavioral task: behavioral1
Sample: 1dd7892458eab123c341452aff6f4d817f290efc7f8c97b76bdb78e1e1fcf8d2.msi
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: 1dd7892458eab123c341452aff6f4d817f290efc7f8c97b76bdb78e1e1fcf8d2.msi
Resource: win10v2004-20240802-en
Malware Config

(no entries)

Targets

Target: 1dd7892458eab123c341452aff6f4d817f290efc7f8c97b76bdb78e1e1fcf8d2.msi
Size: 4.0MB
MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the General section above.
Signatures

- Blocklisted process makes network request
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Suspicious use of NtCreateThreadExHideFromDebugger: a thread is created with THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER (0x4), so an attached debugger receives no events from it.
- Suspicious use of NtSetInformationThreadHideFromDebugger: NtSetInformationThread is called with the ThreadHideFromDebugger information class (0x11), which stops the calling thread from reporting to a debugger. Both are anti-debugging techniques and will interfere with stepping through the sample in a debugger.
MITRE ATT&CK Enterprise v15

Defense Evasion (the number after each entry is the count of report signatures mapped to it)
- Modify Registry (T1112): 1
- Subvert Trust Controls (T1553): 1
  - Install Root Certificate (T1553.004): 1
- System Binary Proxy Execution (T1218): 1
  - Msiexec (T1218.007): 1
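The signatures and ATT&CK mappings in this report describe behaviour that is also visible in endpoint telemetry, and a detection engineer will want to turn them into rules. The Python below is an added example, not the sandbox's own rule logic or anything from the report: it replays hand-constructed Sysmon-style events (Event IDs 1, 3, 11 and 13) against rules named after the report's signatures and tags each hit with the ATT&CK ID the report maps it to. The process blocklist, the event shapes, the file names, the registry key and the 203.0.113.0/24 addresses are all assumptions or constructed values; only the root-store registry path, the System32 path and the ATT&CK IDs are real.

```python
"""Replay Sysmon-style events against the behaviours this report lists.

Added example, not part of the sandbox report. The events below are
constructed by hand in the shape of Sysmon Event IDs 1 (process create),
3 (network connect), 11 (file create) and 13 (registry value set); they
are not the sample's real trace. Rule names mirror the report's signature
list and the ATT&CK IDs are the v15 identifiers it maps to.
"""
from __future__ import annotations

from collections import Counter
from typing import Iterable

# The report does not publish its process blocklist; this set is an assumption.
NETWORK_BLOCKLIST = {"msiexec.exe", "mshta.exe", "regsvr32.exe", "rundll32.exe"}

# Writing a Blob value under these paths installs a machine-trusted root CA.
ROOT_STORE_MARKERS = (
    "\\systemcertificates\\root\\certificates\\",
    "\\enterprisecertificates\\root\\certificates\\",
)
SYSTEM32 = "c:\\windows\\system32\\"


def _image(ev: dict) -> str:
    """Lower-cased base name of the acting process image."""
    return ev.get("Image", "").rsplit("\\", 1)[-1].lower()


def triage(events: Iterable[dict],
           sample_images: frozenset[str] = frozenset({"msiexec.exe"})) -> list[dict]:
    """One finding per event that matches a signature from the report."""
    findings: list[dict] = []
    for idx, ev in enumerate(events):
        eid, image = ev.get("EventID"), _image(ev)
        if eid == 1 and image == "msiexec.exe":
            findings.append({"event": idx, "rule": "Msiexec", "attack": "T1218.007"})
        elif eid == 3 and image in NETWORK_BLOCKLIST:
            findings.append({"event": idx, "rule": "Blocklisted process makes network request",
                             "attack": "T1218.007" if image == "msiexec.exe" else "T1218"})
        elif (eid == 11 and image in sample_images
              and ev.get("TargetFilename", "").lower().startswith(SYSTEM32)):
            # The report lists this signature without an ATT&CK mapping.
            findings.append({"event": idx, "rule": "Drops file in System32 directory", "attack": None})
        elif eid == 13 and image in sample_images:
            target = ev.get("TargetObject", "").lower()
            if target.endswith("\\blob") and any(m in target for m in ROOT_STORE_MARKERS):
                findings.append({"event": idx, "rule": "Install Root Certificate", "attack": "T1553.004"})
            else:
                findings.append({"event": idx, "rule": "Modify Registry", "attack": "T1112"})
    return findings


def summarize(findings: list[dict]) -> Counter:
    """Count findings per ATT&CK technique, the way the report's table does."""
    return Counter(f["attack"] for f in findings if f["attack"])


# Constructed events; addresses are from the TEST-NET-3 documentation range.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": "C:\\Windows\\System32\\msiexec.exe",
     "CommandLine": "msiexec.exe /i 1dd7892458eab123c341452aff6f4d817f290efc7f8c97b76bdb78e1e1fcf8d2.msi"},
    {"EventID": 3, "Image": "C:\\Windows\\System32\\msiexec.exe",
     "DestinationIp": "203.0.113.10", "DestinationPort": 443},
    {"EventID": 11, "Image": "C:\\Windows\\System32\\msiexec.exe",
     "TargetFilename": "C:\\Windows\\System32\\example.dll"},
    {"EventID": 13, "Image": "C:\\Windows\\System32\\msiexec.exe",
     "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\"
                     "0123456789ABCDEF0123456789ABCDEF01234567\\Blob"},
    {"EventID": 13, "Image": "C:\\Windows\\System32\\msiexec.exe",
     "TargetObject": "HKLM\\SOFTWARE\\Example\\Config\\InstallPath"},
    {"EventID": 3, "Image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe",
     "DestinationIp": "203.0.113.20", "DestinationPort": 443},
    {"EventID": 11, "Image": "C:\\Windows\\explorer.exe",
     "TargetFilename": "C:\\Users\\user\\Desktop\\notes.txt"},
]

if __name__ == "__main__":
    hits = triage(SAMPLE_EVENTS)
    for f in hits:
        print(f"event {f['event']}: {f['rule']} ({f['attack'] or 'no ATT&CK mapping in report'})")
    print(dict(summarize(hits)))
```

Two things to keep in mind when lifting this into a real pipeline: an MSI's custom actions run as children of msiexec.exe, so `sample_images` should be widened to the whole process tree rather than the single image name, and the Modify Registry branch is intentionally broad here because the report does not say which key the sample touched; in production it needs scoping to the keys you care about or it will fire on every installer.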