hijackloader | 70715750bf70adf1f646d35e5387d6130eff1c5d4d2b844f198b4116987583fb | Triage

Sharing

General

Target

VZSIAQFD.msi
Size

16.2MB
Sample

250410-wwlq4aypw8
MD5

28ebb047832f05c31200726f63d43a0d
SHA1

c3f4013dc1df6851953672097e7275e4fd2e70f5
SHA256

70715750bf70adf1f646d35e5387d6130eff1c5d4d2b844f198b4116987583fb
SHA512

2dce5e1a8a6ca9fc66717b09c87655f93a01e22c466a6f1dcf23c3d71ddc7e477b80bf7af8572c790bae1136d0c35c827096dfbdc96a362c0cdb348a5a117390
SSDEEP

393216:LUhmCh/nYTWEiwlKRweQW8sJomnXhLhlroxVg4UHXa:YhmChffKsRwHW1RXHaDB

Score

10^/10

hijackloader discovery persistence privilege_escalation

Malware Config

Extracted

Family

hijackloader

Attributes

directory
%ALLUSERSPROFILE%\Toolupdate_4
inject_dll
%windir%\System32\input.dll

xor.hex

Targets

- Target
  
  VZSIAQFD.msi
- Size
  
  16.2MB
- MD5
  
  28ebb047832f05c31200726f63d43a0d
- SHA1
  
  c3f4013dc1df6851953672097e7275e4fd2e70f5
- SHA256
  
  70715750bf70adf1f646d35e5387d6130eff1c5d4d2b844f198b4116987583fb
- SHA512
  
  2dce5e1a8a6ca9fc66717b09c87655f93a01e22c466a6f1dcf23c3d71ddc7e477b80bf7af8572c790bae1136d0c35c827096dfbdc96a362c0cdb348a5a117390
- SSDEEP
  
  393216:LUhmCh/nYTWEiwlKRweQW8sJomnXhLhlroxVg4UHXa:YhmChffKsRwHW1RXHaDB
Score

6^/10

discovery persistence privilege_escalation
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Installer Packages

Privilege Escalation

Event Triggered Execution

Installer Packages

Defense Evasion

System Binary Proxy Execution

Msiexec

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistenceprivilege_escalation