General

  • Target

    Microsoft.HEVCVideoExtensions.Installer.x64.msi

  • Size

    3.5MB

  • Sample

    241030-tpy2qsylak

  • MD5

    dcafc3c2c272a565a735a5d929a8440c

  • SHA1

    6b6bb8b216bac3abbe2195a6c0b86c8247b7e6b5

  • SHA256

    ed4fcb8d67e0577fdf22fabe95c9c3aa4910f4ec8ceb7d62321ed66abbf2b88b

  • SHA512

    33ed1b7680e8480f04dfe312991527b83181d96cbf0e5e2e267007b8c72b8512eca07847f744cc565d5cccc61e1eab5d007c0b801efece4fcc7b1eb3336328d0

  • SSDEEP

    49152:gTsAgMSw+OwjEk1Y1J4KuV9VD3EtgDdzdKLSXPgadbn28cTKf9KZZlYs:gTd+Ooo4Ko9lpA+fgkb1iWKJF

Malware Config

Targets

    • Target

      Microsoft.HEVCVideoExtensions.Installer.x64.msi

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

MITRE ATT&CK Enterprise v15

Tasks