General

  • Target

    Obsidium64Setup.msi

  • Size

    15.9MB

  • Sample

    241120-amarkswcqh

  • MD5

    b22bf4d75aea2ec6a0868f197b20f128

  • SHA1

    925d722642fdbf2b7b9d70fefbd25efb3005531d

  • SHA256

    1f5d87d2c996b5e6dcfac2ebfe3f24a70817fada79ca3e16c8eee8f3497c2bfb

  • SHA512

    5feebff9e884af8f65e824bf4f52126c01d63154dbc44027a61b5e4510328bb1329883b6316f4e920fe27c017e69add48d921e536a4f5945348d41187901b574

  • SSDEEP

    393216:laoik24KCni1T2NK7/39AHUGN+wIbfae8xAlxCvhSYo6:laGwCYT2Ur3uh+wIz9CvhK6

Malware Config

Targets

    • Target

      Obsidium64Setup.msi

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calls NtSetInformationThread with the ThreadHideFromDebugger information class (0x11), which stops the kernel from delivering debug events for that thread to an attached debugger. This is a well-known anti-debugging technique and is routinely seen in packers and software protectors, so on its own it is a behavioural flag rather than a verdict.

MITRE ATT&CK Enterprise v15

Tasks