General

  • Target

    d49dc3c37a54d126716d7fba2fdb17ad60784928369daf344626c29da6405076.msi.vir

  • Size

    103.2MB

  • Sample

    241110-m8jylavmev

  • MD5

    d5efae8993719271d7a647b2e30820e0

  • SHA1

    147bd566d23248a99a3c3f3fdb472d610e44fa8b

  • SHA256

    d49dc3c37a54d126716d7fba2fdb17ad60784928369daf344626c29da6405076

  • SHA512

    cf28beb363a63de73c1d77a794638f121413c2ad66d767da452d3b301752a7d5838ac9a5c4f782c7a1e85cdadb6e2da7567c18f904394b0df3e75e14f23b4f92

  • SSDEEP

    3145728:X7tgGpqMqdZElpXle4AQuTi7lDX8CL2RuPtcwb2Cr18k0gdt:xDpq1fEle4juOx4XREcwb260

Targets

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX or a modified build of the UPX open-source packer.

MITRE ATT&CK Enterprise v15