278a1083d2bd0fe3b4dc07413a556ce6829f0eadfe2f9aa3b99125d61b8179ec | Triage

Sharing

Copy URL Twitter E-mail

General

Target

LegionLoader (2).msi
Size

54.5MB
Sample

241009-jtt88swgjp
MD5

d5290577980ba59635312fd6e9970eef
SHA1

ee1bfbbe56c663cd73ea450fe04f71d541418985
SHA256

278a1083d2bd0fe3b4dc07413a556ce6829f0eadfe2f9aa3b99125d61b8179ec
SHA512

b1fa97f15724a9e3e70e64b654440d963d6d7095b57ed3be491fb8e696f0f2b886e403c59d60532b6662c23676bfbcb696ac6509461c0a6bc66ad3d9a7b13b9f
SSDEEP

1572864:9p+Ty2SfWnHDk8FjVbfzPTq49+RhYoFczfDiQPU8azMCAJ:g/0WnHDkkjBPTq44YoFefTPU8awCm

Score

6^/10

discovery

Malware Config

Targets

- Target
  
  LegionLoader (2).msi
- Size
  
  54.5MB
- MD5
  
  d5290577980ba59635312fd6e9970eef
- SHA1
  
  ee1bfbbe56c663cd73ea450fe04f71d541418985
- SHA256
  
  278a1083d2bd0fe3b4dc07413a556ce6829f0eadfe2f9aa3b99125d61b8179ec
- SHA512
  
  b1fa97f15724a9e3e70e64b654440d963d6d7095b57ed3be491fb8e696f0f2b886e403c59d60532b6662c23676bfbcb696ac6509461c0a6bc66ad3d9a7b13b9f
- SSDEEP
  
  1572864:9p+Ty2SfWnHDk8FjVbfzPTq49+RhYoFczfDiQPU8azMCAJ:g/0WnHDkkjBPTq44YoFefTPU8awCm
Score

6^/10

discovery
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2