General
Target: factura546532.msi_16597.zip
Size: 19.4MB
Sample: 240628-tg6rlswdjh
MD5: 169ea296337d10641bb62076f1e710a5
SHA1: b39755a83a749d6aaf21634786857936e117fdb7
SHA256: a08bc5525ff0894dae0fd7aae28fa9fd0ad3be460cf671db150e1262c39e2361
SHA512: dc47e4cc640e82d969ad19091de94b774a8693f469dde2a348de101e6f25c3a8b6227f7ea4fe8b437d90154848951d72450ea24f257cd8f6dcb92ba844b8d2d6
SSDEEP: 393216:vP9JnsPWvQd842KipEcoc1UN7u5W7Sjef0OGwa+Ta/h+k5QwEA:vP9Jns+v8z2KiNocou5fE0pwvTap+dg
Static task
- static1

Behavioral tasks
- behavioral1: sample factura546532.msi_16597.zip, resource win7-20240220-en
- behavioral2: sample factura546532.msi_16597.zip, resource win10v2004-20240508-en
- behavioral3: sample factura546532.msi_factura546532.msi_16597.msi, resource win7-20240611-en
- behavioral4: sample factura546532.msi_factura546532.msi_16597.msi, resource win10v2004-20240611-en
Malware Config

Targets

Target: factura546532.msi_16597.zip
Size: 19.4MB
MD5: 169ea296337d10641bb62076f1e710a5
SHA1: b39755a83a749d6aaf21634786857936e117fdb7
SHA256: a08bc5525ff0894dae0fd7aae28fa9fd0ad3be460cf671db150e1262c39e2361
SHA512: dc47e4cc640e82d969ad19091de94b774a8693f469dde2a348de101e6f25c3a8b6227f7ea4fe8b437d90154848951d72450ea24f257cd8f6dcb92ba844b8d2d6
SSDEEP: 393216:vP9JnsPWvQd842KipEcoc1UN7u5W7Sjef0OGwa+Ta/h+k5QwEA:vP9Jns+v8z2KiNocou5fE0pwvTap+dg
Score: 1/10

Target: factura546532.msi_factura546532.msi_16597.msi
Size: 27.3MB
MD5: d5853c4d813b09d80738c808e91675e8
SHA1: 648867888645fb9c50d2d98ea15f214878e56b46
SHA256: 8a7559fdc195c6a6bc0ba79ff154c17ca2c8cabbd7f6f5275895caa516448393
SHA512: eaed46e72d4fcfad12d10a8d034dfbf0e048792cc0b4aaa317267f9200f06407de8cf83296c520be0603f7b7df0916b597393873d1653922e1e17fcba7f86cc9
SSDEEP: 393216:Utwqv0kSEeEqwODp2QLALCKip6SGM4srjbPl5RhpvH3LHZEBFis:Q+x2Sxzn9PHPbZEus
Signatures:
- Detected bankofmontreal phishing page
- Blocklisted process makes network request
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger