General

  • Target

    a16e466bed46fcf9c0a771ca0e41bc42a1ac13e66717354e4824f61d1695dbb1

  • Size

    1.7MB

  • Sample

    220228-dpfx6achh7

  • MD5

    f7b0f59bff65176713c678693f1bf1f2

  • SHA1

    417858f4722442a311f4ef2d5126c8a8cae760cb

  • SHA256

    a16e466bed46fcf9c0a771ca0e41bc42a1ac13e66717354e4824f61d1695dbb1

  • SHA512

    695811a3112a75d1f5789f902f2b97948864989e4fd49b6531073b3ac19f86c98661e8173447a26d30273c6d3ab6475c4bd43885a1a4d395c5deb7531681a88a

Score: 10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

  • URLs

    exe.dropper: http://1000018.xyz/soft-2/280421-z1z.exe

Targets

    • Target

      COVID-19-Vaccine-Coupon/COVID-19-Vaccine-Coupon.lnk

    • Size

      1KB

    • MD5

      5897322f62070e894488b4115463939d

    • SHA1

      217490d9df6b3eb30caec933c6f3a04ae3a3a82f

    • SHA256

      101d9f3a9e4a8d0c8d80bcd40082e10ab71a7d45a04ab443ef8761dfad246ca5

    • SHA512

      83cdc338ce8c7f5bf030ddd654a17b3a7fc6283d9331e5c0eeadc3e4c98aacfb72d51890e9dcb56f4115cd05fba09a0d45a2c751e599c1c45122b86db65f87d1

    Score
    10/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      EUA 27034_FS for Vaccination Providers-Full EUA PI_Final_4.6.2021.pdf

    • Size

      1.1MB

    • MD5

      237afde9fad4619889d9cde8e80a5180

    • SHA1

      b0b53f8cae545c2961b662941652390ccad02700

    • SHA256

      8ceea84eccec373701f4ed54703beb6381d05be2bdbb93ae58d78726fdca6807

    • SHA512

      86de2d6c65bfe241d13a06dbdae1727021d93ba11f3e5db8eda9a899ebbb56b646ff041755803caaa5ae4cb10bef1e9d941267a1e0188c32138c45382021b2f8

    Score
    8/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Target

      SUMMARY OF PRODUCT CHARACTERISTICS/comirnaty-epar-product-information_en.pdf

    • Size

      737KB

    • MD5

      6b0b509b3c6d375e989213a1ed32f2b2

    • SHA1

      cb96c3fd157469362268f05644498562ca83317e

    • SHA256

      b7af9b46c0ad2c921b0d38736013f39106d8eda881947d07ba12f587f9d3ae81

    • SHA512

      e7f0f28794c2a4d66caf848134cbe734cb2fc397d4b3d9ada600323df67c6201a224ae746d208b8799777c7c96d9e48beeada8449bb3c815a256d9d0901a8226

    Score
    1/10

MITRE ATT&CK Matrix ATT&CK v6

Tactic            Technique                      ID      Count
Defense Evasion   Modify Registry                T1112   2
Discovery         Query Registry                 T1012   4
Discovery         System Information Discovery   T1082   5
Discovery         Peripheral Device Discovery    T1120   1
