3c7def980dfdebc0e03d8a3d3e2ee8367268ea676050e767e3c6ad77b8f9219e | Triage

Sharing

General

Target

3c7def980dfdebc0e03d8a3d3e2ee8367268ea676050e767e3c6ad77b8f9219e
Size

885KB
Sample

220317-qlvy5aedf5
MD5

178c15b02451a29f3bed0a068adc2049
SHA1

93f5b77065216f6d1eebed5ee3fe1b56937d9835
SHA256

3c7def980dfdebc0e03d8a3d3e2ee8367268ea676050e767e3c6ad77b8f9219e
SHA512

abbb6104b0da967853355c36217fa7ab56fc175d47e6561a79b8d9ecbbaaa6727e9672b7fd2c00088cd70d549994ceab16aa032ab09f63de0a652991fa7bee12

Score

8^/10

link pdf

Malware Config

Targets

- Target
  
  CopyIdentityLicense.jpg.lnk
- Size
  
  602KB
- MD5
  
  d1f069c6021aba84d1fa010295312315
- SHA1
  
  85f3f53c12a8bb7d9525b5d30ec51fdc354c1a21
- SHA256
  
  a0ec772fd0d24ce6e5c8ffd9ec018f3b2463d6d0246d8cb9b8bbbe9230dba330
- SHA512
  
  710be7d2ad7f1ad2416b29b4d4b6ebd335ecdeb778b41ea2e12a3b4ef6a6df4f2e5908117b58a15e96dfde8e3bf79b7da6ba362b915ffb33e9aef904df91edf9
Score

8^/10
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  CopySwisscomstatement.pdf
- Size
  
  147KB
- MD5
  
  216fbad981ab7fc80f639466d0d05676
- SHA1
  
  0d193761ea2c3f555ab0eb3aaf0ec12380b1c5e4
- SHA256
  
  cc6ed8238063d96f5698d45f01870312e1d416e41b5baf0502eafeaf130e7c50
- SHA512
  
  15469b25b6a537d1bd20248964ebd233798cf8aaf2529bed4d4a261c985b7982f1c3a7543296c418d40d1e8227b49d9c1581bcc14ac3b8fe8c33bcfbead404cf
Score

1^/10
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4