8bd1afd65268e5d9e416d830b8d370d8a8956824a8293b3b372d7fa051e982c8 | Triage

Sharing

General

Target

tn5250.msi
Size

2.0MB
Sample

241119-n1q8davhne
MD5

df00268606a3e3488d08a5e2cec0c100
SHA1

7f6b44e59134341a7cad154d223a5121de42b5e9
SHA256

8bd1afd65268e5d9e416d830b8d370d8a8956824a8293b3b372d7fa051e982c8
SHA512

9f5cd01d31fcf2616d2384270ccc5d914f071dd7ae5b7ba45a7e605053907db021ba28365e4396aef495373453f2126e884eff6604f5caa93086c994dce4e7ac
SSDEEP

49152:45kVY5AyE3D2aXE739bH/fwmOua7IX9qNGnHt6q+tMp:7Y5AJCWcNbHbOH7ItqN0Htj+

Score

6^/10

discovery persistence privilege_escalation

Malware Config

Targets

- Target
  
  tn5250.msi
- Size
  
  2.0MB
- MD5
  
  df00268606a3e3488d08a5e2cec0c100
- SHA1
  
  7f6b44e59134341a7cad154d223a5121de42b5e9
- SHA256
  
  8bd1afd65268e5d9e416d830b8d370d8a8956824a8293b3b372d7fa051e982c8
- SHA512
  
  9f5cd01d31fcf2616d2384270ccc5d914f071dd7ae5b7ba45a7e605053907db021ba28365e4396aef495373453f2126e884eff6604f5caa93086c994dce4e7ac
- SSDEEP
  
  49152:45kVY5AyE3D2aXE739bH/fwmOua7IX9qNGnHt6q+tMp:7Y5AJCWcNbHbOH7ItqN0Htj+
Score

6^/10

discovery persistence privilege_escalation
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Installer Packages

Privilege Escalation

Event Triggered Execution

Installer Packages

Defense Evasion

System Binary Proxy Execution

Msiexec

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistenceprivilege_escalation

behavioral2

discoverypersistenceprivilege_escalation