General

  • Target

    FacturaVisorConstruccionyReparcionesEnero.msi

  • Size

    4.7MB

  • Sample

    250127-sasqqstmgw

  • MD5

    098258128b60916d3020efc8f5f0c661

  • SHA1

    0720f0b5b2bab1a41c885a1f3d38cee0d36af8f8

  • SHA256

    e16d3e2a7a1d6139ef8d62b462ff6cb3c3f60d44e45abfc8555478e9e1bba4c1

  • SHA512

    2ad2e76e6cb0bef5bcb9fde1b9efe68aceb9d92653d8e7d2fdc624a97182de85ddd0b5565a06a492da3cb94e6ef636ff052e71a46808115b8767e21c3ff1c47b

  • SSDEEP

    98304:AwxloYL3Q4V812xxW05sFRmV3qKaGFKnhiA0noy7:Z5L3QvoxWAseFpaGgfYb7

Malware Config

Targets

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks