Overview
overview: 10
Static
static
NewCovid-2...21.exe (windows7_x64): 10
NewCovid-2...21.exe (windows10-2004_x64): 10
NewCovid-2...ed.pdf (windows7_x64): 1
NewCovid-2...ed.pdf (windows10-2004_x64): 1
NewCovid-2...er.lnk (windows7_x64): 10
NewCovid-2...er.lnk (windows10-2004_x64): 10
NewCovid-2...ic.rtf (windows7_x64): 8
NewCovid-2...ic.rtf (windows10-2004_x64): 1
General
Target: 434d39bfbcee378ed62a02aa40acc6507aa00b2a3cb0bf356c0b23cc9eebcd77
Size: 2.0MB
Sample: 220228-dsz57sdab8
MD5: df45ee66dd410b491e3e01c8880f6966
SHA1: e4fec41a80337c87acc8f67864047aba34690bb4
SHA256: 434d39bfbcee378ed62a02aa40acc6507aa00b2a3cb0bf356c0b23cc9eebcd77
SHA512: b9b5bfebbeda3f4e75588a3fd35c4099e7acc02b579070066d0bcc8e107e4069b7c24cbe1c7214e5224f70030465cdebaf01e40f74a1ebeb0b8e20d3c2f89445
Static task: static1

Behavioral task: behavioral1
Sample: NewCovid-21/08042021.exe
Resource: win7-en-20211208

Behavioral task: behavioral2
Sample: NewCovid-21/08042021.exe
Resource: win10v2004-en-20220112

Behavioral task: behavioral3
Sample: NewCovid-21/GEO-CFUND-2009_CCM Agreement_Facesheet - signed.pdf
Resource: win7-20220223-en

Behavioral task: behavioral4
Sample: NewCovid-21/GEO-CFUND-2009_CCM Agreement_Facesheet - signed.pdf
Resource: win10v2004-en-20220113

Behavioral task: behavioral5
Sample: NewCovid-21/New Folder.lnk
Resource: win7-en-20211208

Behavioral task: behavioral6
Sample: NewCovid-21/New Folder.lnk
Resource: win10v2004-en-20220113

Behavioral task: behavioral7
Sample: NewCovid-21/Statistic.rtf
Resource: win7-en-20211208

Behavioral task: behavioral8
Sample: NewCovid-21/Statistic.rtf
Resource: win10v2004-en-20220113
Malware Config
Extracted
http://buking.site/soft/08042021.exe
Targets

Target: NewCovid-21/08042021.exe
Size: 598KB
MD5: e4855693722de3856421b1b6920ba54d
SHA1: 9c50313f3b6d84a2b063d0acca64417bfe283d6d
SHA256: 0e1e2f87699a24d1d7b0d984c3622971028a0cafaf665c791c70215f76c7c8fe
SHA512: 5373fc8ac2839520492ac6fa03758ad9781c7a840b9091dba4e3b0f197519e7343de434f2e10ff55e85be8eea1f6f425e4b2f6a343b374852011c02ad70fbba5
- OutSteel batch script: Detects batch script dropped by OutSteel
- Suspicious use of NtCreateProcessExOtherParentProcess
- Deletes itself
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
- AutoIT Executable: AutoIT scripts compiled to PE executables.

Target: NewCovid-21/GEO-CFUND-2009_CCM Agreement_Facesheet - signed.pdf
Size: 1.2MB
MD5: c326ba10fb458ca8b17a12047664ba61
SHA1: 897439fae9312219b87e6b62d0d7d0bcdf419eff
SHA256: bbab12dc486b1c6fcf9e343ec1474d0f8967de988444d7f838f1b4dcab343e8a
SHA512: d647695b7bfc10d8c94af873506cb02c51ecdf672f151b175a3b42f78138fa401824b7a4f813d400acb35dbbc365968261282718672bc25d30040cf8e2e61941
Score: 1/10

Target: NewCovid-21/New Folder.lnk
Size: 1KB
MD5: aa3e4c243b101ed6c92b38fe8670a724
SHA1: b85ef90888d2169252af104e809726e92aa518ef
SHA256: 172f12c692611e928e4ea42b883b90147888b54a8fb858fc97140b82eef409f3
SHA512: cecb656b59170bb1e67e50f38f2b2b4753b8b63ec0633604c40018ccbe45b25c69828e0d3909b8d946ac0d44e52a5a8604c0b0537a7baa9ed3e36c7df6d64d9a
Score: 10/10
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.

Target: NewCovid-21/Statistic.doc
Size: 4.0MB
MD5: 44697aad796c0d82c1adbee15fd1266b
SHA1: 0349463deb6e3803c425fa7725f7dedaccc6e6aa
SHA256: 9803e65afa5b8eef0b6f7ced42ebd15f979889b791b8eadfc98e7f102853451a
SHA512: 90cefab17ed24cc078a5cb71ae28b499e8583118566b2f59d6feae693d114468c292ecabdb7ddd7721a0a4c8e1af044513007e2804993b33e4eb18c0f7b83107
Score: 8/10
- Blocklisted process makes network request