General

  • Target

    8050036139.zip

  • Size

    17.6MB

  • Sample

    220921-tsnp6scccr

  • MD5

    7495cd64c8bec402a9d91dc912d3a0fc

  • SHA1

    f32d504514fbbe8ebf0327b8306acd005fb2c4a1

  • SHA256

    a2cb1bc45f9893eea8f3a539bb480b6b9cde2ff775c8aced3490de23eb10671f

  • SHA512

    6642d82db1d74dfd2003744e68fb77b540c8905d8dc2aa98da5fbcaea09d6999894fff65247eeaf73598f1866706bb9baad2abffe2a6980c99b536bd6a50870c

  • SSDEEP

    393216:84ZEYdyTvgK0uvCDbPWWACv6A3xfaLRP41EmfIlIj3:NZECQ1CfWWbiy4541bAlIj

Malware Config

Targets

    • Target

      Policy Update/Policy.pdf

    • Size

      287KB

    • MD5

      f8f586a5b2cbde66bc38bfb1b5e39958

    • SHA1

      6853735e97f1d07da40797e90ac18b675088dd9b

    • SHA256

      841f11cd242d243010adb9477a13d569021297859c8963d044c8ae79e882b57a

    • SHA512

      d699961793754b702c288bd494f5f2da3801d551ceccfda4681c988974b5fdd2e840070d3636f6e01bf05762d578b5914044669abc07f81772462fcd78e11a62

    • SSDEEP

      6144:EU2sUs1ZZoC9O7HrA5b1DfdpumVx0ekWdva1k0vPx+PVQvP9m:J3UuZjO7HrAZxwQme9EkMx+3

    Score: 1/10

    • Target

      Policy Update/Policy.pdf.lnk

    • Size

      240KB

    • MD5

      e4ba3d8f9dcd80f3716dea2b30c6aac4

    • SHA1

      f1d7bcc3b09b74e2e3ce8fbf4288ee56728512e6

    • SHA256

      476dce51d08f357b4f82e6ad92d01be070b3d5534541af88cdff04e38a478dcd

    • SHA512

      5f8517386fcb1cacc79a936c6048c73d30ada73c6f773afd67ccd279912d845eec444f0e82bf45f3d427753f656402ad43abb3601cdcd999d829810c2ca348a3

    • SSDEEP

      24:8UcJdmBlS0po4HSApA+/RXPqOY4I0WQtntzFyDvc17v/MRht1d/5zmx/:83mT7tx/iOnIcyDvc1Ofe

    Score: 7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      Policy Update/policy.exe

    • Size

      251.0MB

    • MD5

      a5e000f19e9c29c93a6031ff7d47d810

    • SHA1

      f4ba54b3237e097f79775e215591d56981ce911c

    • SHA256

      01bd1272adb7e8855c7aa3a40cc3cb5606b07219fdcf9a91ee90aee9569cf6fe

    • SHA512

      24f6a82cf2cf3ad9ea55211144f79d60bf93c5b22b768b96ca513f6aef36cc5588686d476a812eec0351b840be47cb8b95125311304259e05256d26f4153cce2

    • SSDEEP

      393216:9+UwaZAOnzDdQuslN/m3p5Iwd4nqPMfU6BJHcRlvJuy0awDu:UeA4vdQu4K5x4nq0UQ8XxuhawDu

    Score: 7/10

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112): 1

  • Credential Access

    Credentials in Files (T1081): 1

  • Discovery

    Query Registry (T1012): 2

    System Information Discovery (T1082): 3

    Remote System Discovery (T1018): 2

  • Collection

    Data from Local System (T1005): 1

Tasks