General
-
Target
033cbe08cefd4b7a6553619355bc44f20de5c233b4f7a44142c7ae7caf96be41.zip
-
Size
12.5MB
-
Sample
241121-nbg86s1qcs
-
MD5
2805315c215615865abf72e8c89d4d66
-
SHA1
2090176a3dfb78ea59c5e189c828a0fb7bd88cba
-
SHA256
033cbe08cefd4b7a6553619355bc44f20de5c233b4f7a44142c7ae7caf96be41
-
SHA512
44c40a0c2539a7fd047f642e2a10cec6b8d2396fe08057381c69b01dc10207506d464ce829ece7a43d1f67e8fb579ac17a39f3e2257afcf4d567ff4964589201
-
SSDEEP
393216:mPc9ICYJ/jT5IN/lJQWGTWvDPQeW9ePN4Mic:UoIX95wJpGWr4s4M5
Static task
static1
Behavioral task
behavioral1
Sample
sdsetup.msi
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
sdsetup.msi
Resource
win10v2004-20241007-en
Malware Config
Targets
-
Target
sdsetup.msi
-
Size
13.9MB
-
MD5
90111bdf3173ee59b2b4ebe158b00050
-
SHA1
77508c78e0a8f23cda0713ca77de15285af66a4e
-
SHA256
b8bd3eb19eb84bd518e9c5b82d88d6a8743581fcf32f7bacf819c8f0a20e5d11
-
SHA512
474faa22fc0b0f9a9b9b7c479a3dd86e2c0e7fc2c93bbe650961438f1167b7bee886f31834abe934cb9de6e903be0fed150a63fe58d71001f495ab45f5ca85fa
-
SSDEEP
393216:d+B+BXTb0RAtdP5OaaBA3DBSdON9gK01jsB:pkRQ5VcAT4dON9g7js
-
Creates new service(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process: 1
Windows Service: 1
Event Triggered Execution: 1
Installer Packages: 1
Privilege Escalation
Create or Modify System Process: 1
Windows Service: 1
Event Triggered Execution: 1
Installer Packages: 1