General

  • Target

    118c1187c5b37ab9c4f9f39500d777c0a914c379d853439608157379dcb71772.msi

  • Size

    1.8MB

  • Sample

    241113-nw4mxavkaq

  • MD5

    b62391ef588987e34030159325987a21

  • SHA1

    7c8d0c37a8dd4d9f5c9447f7d6f78926d05d6d2d

  • SHA256

    118c1187c5b37ab9c4f9f39500d777c0a914c379d853439608157379dcb71772

  • SHA512

    a4ae63f9cd71d78303cdd1d3aa9e7bfad36e735b773210a26a2af4907aa6ee63e9edc2959a2f1eb9999808727bbdec523e430d3dc91d4bdc603c829b53e5432a

  • SSDEEP

    49152:9acTt5QDGgYBkx5upDun9RaUnxKvmP4vMbu5yxig:RwYBkhaU8vm

Targets

    • Use of msiexec (install) with remote resource

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory
