General
Target: IPTViewr_Movistar+_1-5_beta-1-sp1a_es-es.msi
Size: 28.9MB
Sample: 241130-nhzrsssncv
MD5: 7172472c9a8e578dc6b8310601cbc646
SHA1: 712976528526ad2c3c9bf82b7939abe652ad7962
SHA256: c61ecd976b087abf7eba06ba7d8fc9767f3b2bffe79a3952ac8f9c8b1bb0be64
SHA512: 4a40bd0268399bc3e1a7232550de69b310d967e81941e279c453fc3d47cb4691aaa522805a6ef08a12c9747ec4e283aeee2b09245717a8c5a47df9fb1fd0a04d
SSDEEP: 393216:FLb7VqFnDYiFbWptlSPdJ1Zp9O71CeEHL/yEeEEszszuomY05LsW1IK18dZdu0JS:BVch2CdJ1ZOCNH73NHhYDWmz80

Static task: static1

Behavioral task: behavioral1
Sample: IPTViewr_Movistar+_1-5_beta-1-sp1a_es-es.msi
Resource: win7-20241023-en

Behavioral task: behavioral2
Sample: IPTViewr_Movistar+_1-5_beta-1-sp1a_es-es.msi
Resource: win10v2004-20241007-en

Malware Config
Targets
Target: IPTViewr_Movistar+_1-5_beta-1-sp1a_es-es.msi

Blocklisted process makes network request

Downloads MZ/PE file

Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.

Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

MITRE ATT&CK Enterprise v15

Persistence
Event Triggered Execution (2)
Component Object Model Hijacking (1)
Installer Packages (1)

Privilege Escalation
Event Triggered Execution (2)
Component Object Model Hijacking (1)
Installer Packages (1)