Overview

overview

7

Static

static

1

AfipInstal...12.msi

windows10-2004-x64

7

AfipInstal...12.msi

windows11-21h2-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    AfipInstal 3491467912.msi

  • Size

    28.7MB

  • Sample

    240630-fj2c1sxdpp

  • MD5

    90a8aeea10139c563654d6fca6bf2e50

  • SHA1

    c3bd41d576175e0ee0fe8c06b94720370e1f79f8

  • SHA256

    1f76c709241f0fb8624e10ef2f969894af1de4b22b057fcd7e9064dba760a182

  • SHA512

    3f3d3268711f2e8c355411967048a2c84b8b1f6b12b74d6c345c2e6ede27a3648a69e41855f19f2a201dcc102c723ba8a917a1c94946bda72d0c63ab98a7e01c

  • SSDEEP

    786432:bG59Ebw+dsspncz4vvS1iP6KfHCp3N3QMVvF:bS9EXdL3CsP6wrGvF

Score
7/10
persistencevmprotect

Malware Config

Targets

    • Target

      AfipInstal 3491467912.msi

    • Size

      28.7MB

    • MD5

      90a8aeea10139c563654d6fca6bf2e50

    • SHA1

      c3bd41d576175e0ee0fe8c06b94720370e1f79f8

    • SHA256

      1f76c709241f0fb8624e10ef2f969894af1de4b22b057fcd7e9064dba760a182

    • SHA512

      3f3d3268711f2e8c355411967048a2c84b8b1f6b12b74d6c345c2e6ede27a3648a69e41855f19f2a201dcc102c723ba8a917a1c94946bda72d0c63ab98a7e01c

    • SSDEEP

      786432:bG59Ebw+dsspncz4vvS1iP6KfHCp3N3QMVvF:bS9EXdL3CsP6wrGvF

    Score
    7/10
    persistencevmprotect

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks