General
-
Target
8050036139.zip
-
Size
17.6MB
-
Sample
220921-tsnp6scccr
-
MD5
7495cd64c8bec402a9d91dc912d3a0fc
-
SHA1
f32d504514fbbe8ebf0327b8306acd005fb2c4a1
-
SHA256
a2cb1bc45f9893eea8f3a539bb480b6b9cde2ff775c8aced3490de23eb10671f
-
SHA512
6642d82db1d74dfd2003744e68fb77b540c8905d8dc2aa98da5fbcaea09d6999894fff65247eeaf73598f1866706bb9baad2abffe2a6980c99b536bd6a50870c
-
SSDEEP
393216:84ZEYdyTvgK0uvCDbPWWACv6A3xfaLRP41EmfIlIj3:NZECQ1CfWWbiy4541bAlIj
Behavioral task
behavioral1
Sample
Policy Update/Policy.pdf
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
Policy Update/Policy.pdf
Resource
win10v2004-20220812-en
Behavioral task
behavioral3
Sample
Policy Update/Policy.pdf.lnk
Resource
win7-20220901-en
Behavioral task
behavioral4
Sample
Policy Update/Policy.pdf.lnk
Resource
win10v2004-20220812-en
Behavioral task
behavioral5
Sample
Policy Update/policy.exe
Resource
win7-20220812-en
Malware Config
Targets
-
-
Target
Policy Update/Policy.pdf
-
Size
287KB
-
MD5
f8f586a5b2cbde66bc38bfb1b5e39958
-
SHA1
6853735e97f1d07da40797e90ac18b675088dd9b
-
SHA256
841f11cd242d243010adb9477a13d569021297859c8963d044c8ae79e882b57a
-
SHA512
d699961793754b702c288bd494f5f2da3801d551ceccfda4681c988974b5fdd2e840070d3636f6e01bf05762d578b5914044669abc07f81772462fcd78e11a62
-
SSDEEP
6144:EU2sUs1ZZoC9O7HrA5b1DfdpumVx0ekWdva1k0vPx+PVQvP9m:J3UuZjO7HrAZxwQme9EkMx+3
Score 1/10
-
-
Target
Policy Update/Policy.pdf.lnk
-
Size
240KB
-
MD5
e4ba3d8f9dcd80f3716dea2b30c6aac4
-
SHA1
f1d7bcc3b09b74e2e3ce8fbf4288ee56728512e6
-
SHA256
476dce51d08f357b4f82e6ad92d01be070b3d5534541af88cdff04e38a478dcd
-
SHA512
5f8517386fcb1cacc79a936c6048c73d30ada73c6f773afd67ccd279912d845eec444f0e82bf45f3d427753f656402ad43abb3601cdcd999d829810c2ca348a3
-
SSDEEP
24:8UcJdmBlS0po4HSApA+/RXPqOY4I0WQtntzFyDvc17v/MRht1d/5zmx/:83mT7tx/iOnIcyDvc1Ofe
Score 7/10
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
Policy Update/policy.exe
-
Size
251.0MB
-
MD5
a5e000f19e9c29c93a6031ff7d47d810
-
SHA1
f4ba54b3237e097f79775e215591d56981ce911c
-
SHA256
01bd1272adb7e8855c7aa3a40cc3cb5606b07219fdcf9a91ee90aee9569cf6fe
-
SHA512
24f6a82cf2cf3ad9ea55211144f79d60bf93c5b22b768b96ca513f6aef36cc5588686d476a812eec0351b840be47cb8b95125311304259e05256d26f4153cce2
-
SSDEEP
393216:9+UwaZAOnzDdQuslN/m3p5Iwd4nqPMfU6BJHcRlvJuy0awDu:UeA4vdQu4K5x4nq0UQ8XxuhawDu
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-