521e2dfd2f1310d4d094f5afec95581f83c95d9ced38c69e948eaf15e8314d09 | Triage

Sharing

General

Target

v.1.5.4__x64__.msi
Size

51.4MB
Sample

241011-zepm7sserg
MD5

26676b1c12aff4aeb598dffecd24d6c2
SHA1

25d730f713d23c6404a612091ad2041079e343e1
SHA256

521e2dfd2f1310d4d094f5afec95581f83c95d9ced38c69e948eaf15e8314d09
SHA512

a629b72d41f0e349910eb3a6b8edb2cbb8673b6c5e68616043b8f0a87b07ac08ad3d5731b959df4c65a201c8d79d6a5631a22c5a9d00de41068584b5e7139339
SSDEEP

1572864:ip+Ty2SfWnHDk8FjVbfzPTq4E+RRhliQ59dG2I7P2n://0WnHDkkjBPTq4lhMQ5LlI

Score

6^/10

discovery persistence privilege_escalation

Malware Config

Targets

- Target
  
  v.1.5.4__x64__.msi
- Size
  
  51.4MB
- MD5
  
  26676b1c12aff4aeb598dffecd24d6c2
- SHA1
  
  25d730f713d23c6404a612091ad2041079e343e1
- SHA256
  
  521e2dfd2f1310d4d094f5afec95581f83c95d9ced38c69e948eaf15e8314d09
- SHA512
  
  a629b72d41f0e349910eb3a6b8edb2cbb8673b6c5e68616043b8f0a87b07ac08ad3d5731b959df4c65a201c8d79d6a5631a22c5a9d00de41068584b5e7139339
- SSDEEP
  
  1572864:ip+Ty2SfWnHDk8FjVbfzPTq4E+RRhliQ59dG2I7P2n://0WnHDkkjBPTq4lhMQ5LlI
Score

6^/10

discovery persistence privilege_escalation
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Installer Packages

Privilege Escalation

Event Triggered Execution

Installer Packages

Defense Evasion

System Binary Proxy Execution

Msiexec

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistenceprivilege_escalation

behavioral2

discoverypersistenceprivilege_escalation