General
Target: KeystoneToolFirmwareInstallDriver.msi
Size: 16.9MB
Sample: 241120-vs3d1azmhs
MD5: f56d4170e1b61a09174a2fa2aaca156f
SHA1: b580cdf6d8bdb0fb58fb43ca02622b701c04629e
SHA256: b37af0248306ef231856a0f916df0c3e0b01a21c5ec5a057e327819ffc951a6c
SHA512: a7df8c576d5cdf885e06c414370c033da463addea6d401e09e00b4df97e8da24a129e26f12530ee1b36cef77e7ae3c0c520781bf82ee0f2fdd1b8c797e177f8f
SSDEEP: 393216:GQ/kpjIpPVT8zcSbY2n7r3SYcCxaGc0JZTKpy6nCi1:Gq2oQYSU2nHCZCC0/sy6Cw
Static task: static1
Behavioral task: behavioral1
Sample: KeystoneToolFirmwareInstallDriver.msi
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: KeystoneToolFirmwareInstallDriver.msi
Score: 10/10
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Modifies file permissions
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.