f7498c44b9c31ab19c72e5bcdcb7e8d2c5a652af3ccb68e20c23ce07d2397a95 | Triage

Sharing

General

Target

1.eml
Size

6.4MB
Sample

220323-mge6bsggdj
MD5

4e1764c7e3d2f41f8b3e65cdaf178b03
SHA1

8a12230f5d77aa36e9ba006453f11ff9c3e3aedd
SHA256

f7498c44b9c31ab19c72e5bcdcb7e8d2c5a652af3ccb68e20c23ce07d2397a95
SHA512

a3a6756f3f88a348b9937c4ee3a16269d7120c4763b0c1ef0fe1e611af91674a60e60b22dec6ca08a643eb8f9be03f24d401486a011399c3003e422c187bc49f

Score

8^/10

evasion link pdf trojan

Malware Config

Targets

- Target
  
  A09 (1).pdf
- Size
  
  505KB
- MD5
  
  1f4a5c96a4407be44fd8cc2c404d5009
- SHA1
  
  0d4dd50c093c8bdb89a17319e4de7cd0bb18de9c
- SHA256
  
  e14cfdb7143e4c3f8aa7eeb39227bf35beee88735202e3e6e62b69bbbb5878b9
- SHA512
  
  8550d417aa20209a0ece09c15c7c124b1425c0d170ef7008779aa1f18fcfb88bc2126d49e444d369198326fca6a3ab203599ecf5024da04e192be22df4151877
Score

1^/10
behavioral1 behavioral2
- Target
  
  BRS.pdf
- Size
  
  39KB
- MD5
  
  327e98928162506396e752716a5d6ae2
- SHA1
  
  af23d6ec98c10ac851df72e735c6b4c6f55954b0
- SHA256
  
  dab52288d91138653d36d48a388981085a24e9b173c0391208fb9b92673a7a73
- SHA512
  
  b9fdd743ec5395c1cfe2890dbc3199ca44d04909a4afdee9ad8102c20f588adf117978bee662d9732ea0c0b70c903ec12c28faa0e62dca5c53a60adfd86dffa4
Score

1^/10
behavioral3 behavioral4
- Target
  
  DOC.pdf
- Size
  
  708KB
- MD5
  
  dec332e5d89b688e0fbad03d48999a7e
- SHA1
  
  5a229884998ffdfd0af8681be12d6726e2c2e568
- SHA256
  
  9cfafc0df8156b2c1b872af78f9230e756ff8c2b92bb7f93f3809a681bfaf5c3
- SHA512
  
  76786cecdcc434ba714b18b3c8c00ac037cf92a92d80a219557aa70fef43b5abfb80c7dc199475e54107731a52dd4a7a43c4a9d86afdc107941ed4017c612cb2
Score

8^/10

evasion trojan
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral5 behavioral6
- Target
  
  E id (1).pdf
- Size
  
  216KB
- MD5
  
  31fd24200f7b0308b691b8d3667c5d8e
- SHA1
  
  132cbff5aa0193a5cafad43bf7d8c0b054012f09
- SHA256
  
  e4e384ad25dec56f1eac535994a89a27e95b5173256d085b7f819c0ba3169f8f
- SHA512
  
  4cef73cb8b01b9e451422464d0bd4d87b4eb75c423074434472047758ef9fe987f023bb73db4c4867de6f1cfa406bba315e5a448aaece08e93c423b20f749292
Score

1^/10
behavioral7 behavioral8
- Target
  
  bankaccount.pdf
- Size
  
  31KB
- MD5
  
  27a93d57ec0b4f8f60672abf152ddea5
- SHA1
  
  bc700fcd78c09de6966611a3f3a28d689d43b506
- SHA256
  
  2d9116afa71d593ad82f522573e95eaf40012342e047b39dc7a2dc2a89055bee
- SHA512
  
  ac08e8d4723014e5a84ab3612741f28b2d36ac34b657c32fc520033f2b60d0b9b79ee175f6d36b026f59066dfe71f02a84826d310afa3df6737652872cdbdfaf
Score

1^/10
behavioral9 behavioral10
- Target
  
  fw8imy.pdf
- Size
  
  278KB
- MD5
  
  0fe7463a38e2f783587127f24cc70ffc
- SHA1
  
  1e31bc6f553edbb62f23f0b79b5244baf3ed12ba
- SHA256
  
  2d3048e7d83485dde66e8d7904411cf577e5d2f73c71541c804d9dcb1bfb0493
- SHA512
  
  3a83f54caa0e702726beba9415e3e629f637adf04237da7d4292ba6ec6b87970f395abc6e51bea5013f7b1c935a6a8929bcd21fcb35b6dce5103a5b15c99ef45
Score

1^/10
behavioral11 behavioral12

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12