General

  • Target

    CHSDBTNN.msi

  • Size

    8.8MB

  • Sample

    250409-pkhfzazxdv

  • MD5

    a554b03ada15a8e18ba20f01599ce1d2

  • SHA1

    62cd68b45d96cb535dc88a3c61ca1e6b5bba4a92

  • SHA256

    80887c316404836e19b87b8119d481fa6e66f26ed88cfd564e2b916848ae8359

  • SHA512

    7d07024ea25accf53df9d22e4c7fbf6c129b2fc7bd26d369ea59f0a863d81bd5655d20952a70a7b9f2f4618019d322b399c290e20e785a425ee2efd512503105

  • SSDEEP

    196608:XgAx0PD+x7ES3KU4zPOWI321Xuo6CpyazUwKS6e4P5lv/TEX3:U+mSx4723qXuo6CpyNwN4UX3

Malware Config

Extracted

Family

hijackloader

Attributes
  • directory

    %APPDATA%\Authquick

  • inject_dll

    %windir%\SysWOW64\input.dll

  • xor.hex
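A small hunt helper for the indicators above, added here as an example rather than part of the sandbox output. It hashes a candidate file with every algorithm the report lists and compares each digest, and it expands the two extracted config paths (%APPDATA%\Authquick and %windir%\SysWOW64\input.dll) against a given environment so they can be checked on a host. The hash values are copied from the report; the bytes hashed in the usage lines at the bottom are constructed and deliberately do not match the sample.

```python
"""Hunt helper for the indicators in this HijackLoader report (added example)."""
import hashlib
import os
import re
from typing import Dict, Optional

# Digests copied from the report above for CHSDBTNN.msi.
REPORT_HASHES: Dict[str, str] = {
    "md5": "a554b03ada15a8e18ba20f01599ce1d2",
    "sha1": "62cd68b45d96cb535dc88a3c61ca1e6b5bba4a92",
    "sha256": "80887c316404836e19b87b8119d481fa6e66f26ed88cfd564e2b916848ae8359",
    "sha512": (
        "7d07024ea25accf53df9d22e4c7fbf6c129b2fc7bd26d369ea59f0a863d81bd5"
        "655d20952a70a7b9f2f4618019d322b399c290e20e785a425ee2efd512503105"
    ),
}

# Extracted config attributes exactly as the report prints them.
CONFIG_PATHS: Dict[str, str] = {
    "directory": r"%APPDATA%\Authquick",
    "inject_dll": r"%windir%\SysWOW64\input.dll",
}


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Return lowercase hex digests for every algorithm the report lists."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in REPORT_HASHES}


def match_indicators(data: bytes, indicators: Dict[str, str] = REPORT_HASHES) -> Dict[str, bool]:
    """Compare data against each indicator digest separately.

    Reporting per algorithm (rather than a single boolean) is deliberate:
    agreement on only one weak digest such as MD5 is worth flagging on its own.
    """
    digests = hash_bytes(data)
    return {alg: digests[alg] == value.lower() for alg, value in indicators.items()}


_VAR = re.compile(r"%([^%]+)%")


def expand_windows_path(path: str, env: Optional[Dict[str, str]] = None) -> str:
    """Expand %VAR% references case-insensitively (Windows semantics).

    os.path.expandvars only understands %VAR% on Windows itself, so this works
    from a Linux analysis box too. Unknown variables are left untouched so the
    caller can see that a value was never resolved.
    """
    source = env if env is not None else dict(os.environ)
    table = {k.upper(): v for k, v in source.items()}
    return _VAR.sub(lambda m: table.get(m.group(1).upper(), m.group(0)), path)


def hunt_paths(env: Optional[Dict[str, str]] = None) -> Dict[str, str]:
    """Resolve the config paths for a specific user/system environment."""
    return {key: expand_windows_path(value, env) for key, value in CONFIG_PATHS.items()}


if __name__ == "__main__":
    # Constructed input: not the sample, so every comparison should be False.
    print(match_indicators(b"constructed placeholder, not CHSDBTNN.msi"))
    # Hypothetical environment for a user named alice (assumption, not from the report).
    print(hunt_paths({"APPDATA": r"C:\Users\alice\AppData\Roaming", "windir": r"C:\Windows"}))
```

To check a real file, read it in binary mode and pass the bytes to match_indicators; to hunt on a host, pass the target's environment (or a reconstructed one for an offline image) to hunt_paths and test whether the resolved directory and DLL path exist.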

Targets

    • Target

      CHSDBTNN.msi

    • Size

      8.8MB

    • MD5

      a554b03ada15a8e18ba20f01599ce1d2

    • SHA1

      62cd68b45d96cb535dc88a3c61ca1e6b5bba4a92

    • SHA256

      80887c316404836e19b87b8119d481fa6e66f26ed88cfd564e2b916848ae8359

    • SHA512

      7d07024ea25accf53df9d22e4c7fbf6c129b2fc7bd26d369ea59f0a863d81bd5655d20952a70a7b9f2f4618019d322b399c290e20e785a425ee2efd512503105

    • SSDEEP

      196608:XgAx0PD+x7ES3KU4zPOWI321Xuo6CpyazUwKS6e4P5lv/TEX3:U+mSx4723qXuo6CpyNwN4UX3

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v16

Tasks