Overview

overview

8

Static

static

3

cc48d8c645...17.pdf

windows10-2004_x64

1

informe_payload.exe

windows10-2004_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cc48d8c645c27dd850652c0a66e22dd2e1b62bbf6ad208f94b8f5847684a8d17.zip

  • Size

    206KB

  • Sample

    220601-dk9pnshfdr

  • MD5

    26008065e2ecdec97743e4eb18713673

  • SHA1

    a95749705f2c9ce34445f7c013713735369dfd3b

  • SHA256

    f09f8ba2731b18b7e514cfb47c738b31532ff5d491161095c93907c27efeb633

  • SHA512

    bdda1c4104d5b58d5da5cf3959a44e7897c220d2f1ea3599f678cd0aa287fe549e5bf020c8a31cfdd03d505a17c3cade75954e3a4514fe059f29d016db01bf30

Score
8/10
linkpdfpersistence

Malware Config

Targets

    • Target

      cc48d8c645c27dd850652c0a66e22dd2e1b62bbf6ad208f94b8f5847684a8d17.bin

    • Size

      212KB

    • MD5

      f28baa94ff32d8a4b006004b3c9c4261

    • SHA1

      54677341b7e233d8c0b6dcd38dc5e9d1a58511ef

    • SHA256

      cc48d8c645c27dd850652c0a66e22dd2e1b62bbf6ad208f94b8f5847684a8d17

    • SHA512

      853dc19d16e4387210e63b3de74c044db802e429bf12d082e00b66f127bb64e742cad32e2b1f23661a11cb47341d7b34e249533b2fb15a3815ed81b677f64989

    Score
    1/10
    behavioral1

    • Target

      informe_payload.pdf

    • Size

      32KB

    • MD5

      8606faa60b008da0ce43437dc81be1e2

    • SHA1

      13444f825362a6a946b3a91b13784d78fe3fc422

    • SHA256

      4de3dde86d66424d79fcb561ace579d6b22919f52505aa177bd161bcf4157c4f

    • SHA512

      e23e310399baf03034b51f1be445ea01a6ef2ec4f82da43af6c4639dc28834d49119ddb83f40019ff6c9b45124da637d579ef5289620a13a7078284c7fead33b

    Score
    8/10
    persistence

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application

      persistence
    behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

3
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks