General

Target: XSGYLWGR.msi
Size: 7.8MB
Sample: 250409-pekddazlz3
MD5: 44de92e6a15f94afc69c001b4f201392
SHA1: 84277ea8c5f24b98aaaa0df5eded2d23c7b159b1
SHA256: 06be76f549d1d97a808e6629f6043a9609d5b59fa14d0e3ee3aa01354ac369d1
SHA512: d467f8faf22f2de115d711a5e138aeefddb43d73b2c22c44aea5cf3804e570c304490d7388ddd7ae031cdb47f15ec15e3c6cfff6b7f3895868475bfef50460a9
SSDEEP: 196608:FEb3Cjrhy+g/lSvc26MJuBUYFa2S0j6S6d4+bR7NQXE:KCjc5UJuBUj2a4DXE
Behavioral task

behavioral1
Sample: XSGYLWGR.msi
Resource: win10v2004-20250314-en
Malware Config

Extracted family: hijackloader
directory: %APPDATA%\browserbg_Wm
inject_dll: %windir%\SysWOW64\input.dll

Both values are usable host indicators: a per-user staging directory and the system DLL named in the loader's injection setting. %APPDATA% and %windir% expand differently per user and per host, so hunt on the path suffix (case-insensitively) rather than on the literal string.
Targets

Target: XSGYLWGR.msi (7.8MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 8/10

Signatures
- Blocklisted process makes network request
- Adds Run key to start application (persistence through a ...\Software\Microsoft\Windows\CurrentVersion\Run value)
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext: SetThreadContext rewrites a thread's register state, which is the step process hollowing and related injection techniques use to redirect execution into injected code; this is consistent with the inject_dll setting in the extracted config.
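The two config paths and the Run-key persistence flagged above are the actionable host indicators in this report. The following Python is an added example, not part of the report or of any sandbox tooling: it verifies a candidate file against the listed hashes and scans Sysmon-style events for the config paths and a Run value pointing into the staging directory. The environment-variable expansions (default Windows layout), the sample events, the Run value name `browserbg` and the file name `host.exe` are assumptions for illustration, not observations from the report.

```python
"""Hunt helpers for the indicators in this report (added example)."""
import hashlib
import re

# Hashes of XSGYLWGR.msi as listed in the report.
REPORT_HASHES = {
    "md5": "44de92e6a15f94afc69c001b4f201392",
    "sha1": "84277ea8c5f24b98aaaa0df5eded2d23c7b159b1",
    "sha256": "06be76f549d1d97a808e6629f6043a9609d5b59fa14d0e3ee3aa01354ac369d1",
    "sha512": ("d467f8faf22f2de115d711a5e138aeefddb43d73b2c22c44aea5cf3804e570c3"
               "04490d7388ddd7ae031cdb47f15ec15e3c6cfff6b7f3895868475bfef50460a9"),
}

# Paths from the extracted hijackloader config.
CONFIG_DIRECTORY = r"%APPDATA%\browserbg_Wm"
CONFIG_INJECT_DLL = r"%windir%\SysWOW64\input.dll"

# Assumed expansions of the environment variables (default Windows layout).
_ENV_PATTERNS = {
    "%APPDATA%": r"[a-z]:\\users\\[^\\]+\\appdata\\roaming",
    "%windir%": r"[a-z]:\\windows",
}


def hash_bytes(data: bytes) -> dict:
    """Return the four digests the report lists, as lowercase hex."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def hash_file(path: str) -> dict:
    with open(path, "rb") as fh:
        return hash_bytes(fh.read())


def matches_report(digests: dict) -> bool:
    """True only if every digest listed in the report matches exactly."""
    return all(digests.get(k) == v for k, v in REPORT_HASHES.items())


def path_regex(config_path: str) -> re.Pattern:
    """Turn a config path containing %VARS% into a case-insensitive regex."""
    pattern = re.escape(config_path.lower())
    for var, expansion in _ENV_PATTERNS.items():
        pattern = pattern.replace(re.escape(var.lower()), expansion)
    return re.compile(pattern, re.IGNORECASE)


DIR_RE = path_regex(CONFIG_DIRECTORY)
DLL_RE = path_regex(CONFIG_INJECT_DLL)
RUN_KEY_RE = re.compile(r"\\software\\microsoft\\windows\\currentversion\\run\\",
                        re.IGNORECASE)


def hunt(events: list) -> list:
    """Flag Sysmon-style events (dicts keyed by Sysmon field names) that touch
    the config paths: 13 = registry value set, 7 = image load, 11 = file create."""
    findings = []
    for ev in events:
        eid = ev.get("EventID")
        if eid == 13 and RUN_KEY_RE.search(ev.get("TargetObject", "")) \
                and DIR_RE.search(ev.get("Details", "")):
            findings.append(("run_key_to_config_dir", ev["TargetObject"]))
        elif eid == 7 and DLL_RE.search(ev.get("ImageLoaded", "")) \
                and DIR_RE.search(ev.get("Image", "")):
            findings.append(("inject_dll_loaded_from_config_dir", ev["Image"]))
        elif eid == 11 and DIR_RE.search(ev.get("TargetFilename", "")):
            findings.append(("file_created_in_config_dir", ev["TargetFilename"]))
    return findings


# Constructed sample telemetry (not from the report); includes benign noise.
SAMPLE_EVENTS = [
    {"EventID": 11, "Image": r"C:\Windows\System32\msiexec.exe",
     "TargetFilename": r"C:\Users\alice\AppData\Roaming\browserbg_Wm\host.exe"},
    {"EventID": 13, "Image": r"C:\Windows\System32\msiexec.exe",
     "TargetObject": r"HKU\S-1-5-21-1-2-3-1001\Software\Microsoft\Windows\CurrentVersion\Run\browserbg",
     "Details": r"C:\Users\alice\AppData\Roaming\browserbg_Wm\host.exe"},
    {"EventID": 13, "Image": r"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe",
     "TargetObject": r"HKU\S-1-5-21-1-2-3-1001\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     "Details": r"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe"},
    {"EventID": 7, "Image": r"C:\Users\alice\AppData\Roaming\browserbg_Wm\host.exe",
     "ImageLoaded": r"C:\Windows\SysWOW64\input.dll"},
    {"EventID": 7, "Image": r"C:\Windows\explorer.exe",
     "ImageLoaded": r"C:\Windows\SysWOW64\input.dll"},
]

if __name__ == "__main__":
    import sys
    for kind, what in hunt(SAMPLE_EVENTS):
        print(f"[{kind}] {what}")
    if len(sys.argv) > 1:
        digests = hash_file(sys.argv[1])
        print("matches report:", matches_report(digests), digests["sha256"])
```

Run it with a file path to compare that file against the report hashes; without arguments it prints the three hits from the constructed events and ignores the benign OneDrive Run value and the explorer.exe load of input.dll, because the detection keys on the combination of the system DLL with a process living in the config directory rather than on the DLL alone.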
MITRE ATT&CK Enterprise v16

Persistence
- Boot or Logon Autostart Execution (T1547): 1
  - Registry Run Keys / Startup Folder (T1547.001): 1
- Event Triggered Execution (T1546): 1
  - Installer Packages (T1546.016): 1

Privilege Escalation
- Boot or Logon Autostart Execution (T1547): 1
  - Registry Run Keys / Startup Folder (T1547.001): 1
- Event Triggered Execution (T1546): 1
  - Installer Packages (T1546.016): 1