f74199f59533fbbe57f0b2aae45c837b3ed5e4f5184e74c02e06c12c6535f0f9 | Triage

Sharing

General

Target

f74199f59533fbbe57f0b2aae45c837b3ed5e4f5184e74c02e06c12c6535f0f9
Size

847KB
Sample

220201-c2ncbsfhf7
MD5

37f78b1ad43959a788162f560bdc9c79
SHA1

992d530d4bb35fb8dbdfb690740ead6e0fa974ec
SHA256

f74199f59533fbbe57f0b2aae45c837b3ed5e4f5184e74c02e06c12c6535f0f9
SHA512

b36628838c4af9d7f4c67a2ffa3d91c25291c8ecb7ac29cf7f1ed16e19f2b8d0abaf04d8f5b83b4c3343874bf0db5d9e4e0b0b167b6e6ce67b1b4bfedd9d3aef

Score

8^/10

link pdf persistence

Malware Config

Targets

- Target
  
  20200308-sitrep-48-covid-19.pdf
- Size
  
  836KB
- MD5
  
  faf5ef01f4a9bf2aba7ede67dcc5a2d4
- SHA1
  
  4e0c1a05360c6bebf903a708acf6792b13f43870
- SHA256
  
  2dd886cc041ea6e5e80880ccbbc54be42079598acf0c1e7e459616c3f9c0dd34
- SHA512
  
  443b8553c93e1390f5ec872f2a0d7a60fb6893fc47d8c36e6c846c3bb7cace0c6087c565f832d7a115387c982253ad0997275aafda7b74a37174448ebc2bdf9d
Score

8^/10

persistence
- Sets service image path in registry
  persistence
behavioral1 behavioral2
- Target
  
  3UDBUTNY7YstRc.tmp
- Size
  
  32KB
- MD5
  
  83d04f21515c7e6316f9cd0bb393a118
- SHA1
  
  e00b982a14835dae781bbbe06055d7d18acc6eb0
- SHA256
  
  a49133ed68bebb66412d3eb5d2b84ee71c393627906f574a29247d8699f1f38e
- SHA512
  
  ae8f75199bb7776b96d5069d0aa5e5e144948ed7d3072c2b7b4e0b99f9eea7dcab1890782b83eeee2c4b17b9a03a7094e4b1df7f659ec52c01dabb95daee21c6
Score

8^/10

persistence
- Sets service image path in registry
  persistence
behavioral3 behavioral4
- Target
  
  486AULMsOPmf6W.tmp
- Size
  
  85KB
- MD5
  
  371e896d818784934bd1456296b99cbe
- SHA1
  
  88f23b0913ef5f94cd888605504e1e54c3a6e48f
- SHA256
  
  604679789c46a01aa320eb1390da98b92721b7144e57ef63853c3c8f6d7ea85d
- SHA512
  
  1d3342118271b783c3937acbdb15cc16f1db91b3ce1cf5069078afd595d468d61efc6c6e082ab2a3122c046af6de5cdb70d822e60d526e782abcb7beaa10fb53
Score

8^/10

persistence
- Sets service image path in registry
  persistence
behavioral5 behavioral6
- Target
  
  9sOXN6Ltf0afe7.js
- Size
  
  792B
- MD5
  
  4f8ff5e70647dbc5d91326346c393729
- SHA1
  
  2fd4eb78e53af6a5b210943ca8f0e521bb567afb
- SHA256
  
  70b8397f87e4a0d235d41b00a980a8be9743691318d30293f7aa6044284ffc9c
- SHA512
  
  70befa1aaebca808fab2f3538897380b8ad988106eab300dfe4063e1a6933ce77ff01949f99e5741ac8ffb0653e65b946de4f87e5a035926b18bfb3e5e4ec2ef
Score

8^/10

persistence
- Executes dropped EXE
- Sets service image path in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral7 behavioral8
- Target
  
  cSi1r0uywDNvDu.tmp
- Size
  
  4KB
- MD5
  
  eefeb76d26338e09958aae5d81479178
- SHA1
  
  c400e10a8f2b5b62f919033e2db0a1f99b1a3c38
- SHA256
  
  9d52d8f10673518cb9f19153ddbe362acc7ca885974a217a52d1ee8257f22cfc
- SHA512
  
  dec10282cfbbbfc623f98576aff1a004627de3469ca780b454eccf365683ddfddb1975d5482f63ce6373267749706772b566aa8a219ec30d1ed7463d4a49da4b
Score

8^/10

persistence
- Sets service image path in registry
  persistence
behavioral9 behavioral10

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10