General

  • Target

    85e3f555f34c270b5135b80da1273fa89ac8039cd48c4128cbe1d09e438555ae

  • Size

    8.8MB

  • Sample

    210508-c11ysalame

  • MD5

    97000facebbab449c06ddcdcdd51e825

  • SHA1

    5cdfbd6a6ff88644ba522402fe5fae5ecacbe71d

  • SHA256

    85e3f555f34c270b5135b80da1273fa89ac8039cd48c4128cbe1d09e438555ae

  • SHA512

    627a4842ce248d7ea98fe99b5f7ae9d25390564e112549ddc40fb5d26af3b1a4e837f9ebf853dfe4f91ba91efbb15e6c8dc649a2551f44fdc64ee1f2f5ca6d94

Malware Config

Targets

    • Executes dropped EXE

    • Suspicious Office macro

      Office document equipped with macros.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v6)

Persistence

    • Registry Run Keys / Startup Folder (T1060): 1

Defense Evasion

    • Modify Registry (T1112): 3

    • Install Root Certificate (T1130): 1

Discovery

    • Query Registry (T1012): 3

    • System Information Discovery (T1082): 4
