General
-
Target
Guidelines_for_Citizen_Safety.msi
-
Size
2.9MB
-
Sample
241124-l9m6za1lfl
-
MD5
b5b7dd5400c36976c4870af2f1e888a0
-
SHA1
dbd6fa30f976baf529d2005d68804ea92327e9bc
-
SHA256
fd000e4dbd1e3ce1c3604fa0d5ffe235ee676eb2c5af6ce7334ac69312456708
-
SHA512
32c5a09388856370e75aa94ad14fa5a074693d2862090c7f72c727569163ea165d69588e53f21220887321c757f097c147fcc3ead4b4c59fbb171db06f0d047b
-
SSDEEP
49152:N+1Ypn4N2MGVv1zyIBWGppT9jnMHRjOOozjcqZJN8dUZTwYaH7oqPxMbY+K/tzQz:N+lUlz9FKbsodq0YaH7ZPxMb8tT
Behavioral task
behavioral1
Sample
Guidelines_for_Citizen_Safety.msi
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
Guidelines_for_Citizen_Safety.msi
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
Guidelines_for_Citizen_Safety.msi
-
Size
2.9MB
-
MD5
b5b7dd5400c36976c4870af2f1e888a0
-
SHA1
dbd6fa30f976baf529d2005d68804ea92327e9bc
-
SHA256
fd000e4dbd1e3ce1c3604fa0d5ffe235ee676eb2c5af6ce7334ac69312456708
-
SHA512
32c5a09388856370e75aa94ad14fa5a074693d2862090c7f72c727569163ea165d69588e53f21220887321c757f097c147fcc3ead4b4c59fbb171db06f0d047b
-
SSDEEP
49152:N+1Ypn4N2MGVv1zyIBWGppT9jnMHRjOOozjcqZJN8dUZTwYaH7oqPxMbY+K/tzQz:N+lUlz9FKbsodq0YaH7ZPxMb8tT
-
Ateraagent family
-
Detects AteraAgent
-
Blocklisted process makes network request
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry
1Subvert Trust Controls
1Install Root Certificate
1System Binary Proxy Execution
1Msiexec
1