Overview

overview

6

Static

static

3

FW Hello S...AS.msg

windows7-x64

6

FW Hello S...AS.msg

windows10-2004-x64

3

Hello, STA...AS.pdf

windows7-x64

1

Hello, STA...AS.pdf

windows10-2004-x64

1

bry l el_b...OT.pdf

windows7-x64

1

bry l el_b...OT.pdf

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    FW Hello STATE OF TEXAS.msg

  • Size

    3.1MB

  • Sample

    221004-scnvkabfbm

  • MD5

    25702ca8ef534b0dcb05e41184f974ba

  • SHA1

    dbcf42c9c8858aeaa77f047f6a07057530f14dcf

  • SHA256

    c6a55ba02d3915a63cd351c5fc253f9b323bf639ff90e4716d68b53e8654f64e

  • SHA512

    c61594fe8ecce72d1789cf14f58ffe8d9c7f4db343223487447be1193766e5952b84b8b7b6ea885a05e786eea3a8876d0226061db0b9d3a4d8d4000666e9ae04

  • SSDEEP

    49152:uh8fp5ytAyoeoM7BPzE36MwoYkzkbcYSD6Q0H4oiwpGNNyybcuZ6BiLXOop4jQ5:nfp5ZbMdLmwoYRcY46AApGXvYbG4k

Score
6/10
collectionlinkpdf

Malware Config

Targets

    • Target

      FW Hello STATE OF TEXAS.msg

    • Size

      3.1MB

    • MD5

      25702ca8ef534b0dcb05e41184f974ba

    • SHA1

      dbcf42c9c8858aeaa77f047f6a07057530f14dcf

    • SHA256

      c6a55ba02d3915a63cd351c5fc253f9b323bf639ff90e4716d68b53e8654f64e

    • SHA512

      c61594fe8ecce72d1789cf14f58ffe8d9c7f4db343223487447be1193766e5952b84b8b7b6ea885a05e786eea3a8876d0226061db0b9d3a4d8d4000666e9ae04

    • SSDEEP

      49152:uh8fp5ytAyoeoM7BPzE36MwoYkzkbcYSD6Q0H4oiwpGNNyybcuZ6BiLXOop4jQ5:nfp5ZbMdLmwoYRcY46AApGXvYbG4k

    Score
    6/10
    collection

    • Accesses Microsoft Outlook profiles

      collection

    • Drops file in System32 directory

    behavioral1behavioral2

    • Target

      Hello, STATE OF TEXAS.pdf

    • Size

      225KB

    • MD5

      52cd8f0375afa338c782c7099d1c595a

    • SHA1

      460c9cb93fd79cf53a33bad2017664081ecf2784

    • SHA256

      525b2f6063d264d8758323d584436827b72344275a28438db2f2b2632c70b88c

    • SHA512

      18d731eeed83e10a9eb847404fe5db511fa357756b1d26a220fe27693fbc767febf13cb022558fd1c23dadcd0e0e6ec356a56006e983d9e7915e05170785f54f

    • SSDEEP

      3072:Nl3WoMuPCgiuwK+0de4MgGFMLwxwpcSV9fGcLuHHO2h5nPPxhh2KnPPxHh22:iKi50/MgFLwxwH9fGOuOS5XxhhnXxHhL

    Score
    1/10
    behavioral3behavioral4

    • Target

      bry l el_bryshawn whigham_identification_8.5x14_trust corpus_national identification card_DOJ - NOT IDENTIFICATION DOCUMENTS (1).pdf

    • Size

      2.7MB

    • MD5

      fbdfac526197fbc1e668b5ecbd017b4e

    • SHA1

      9d3a03c5d990a3d4511a4ec6a15526c285cc603b

    • SHA256

      0a4a424a33f48244083d38948eb3ab0b68534182a9b16679009eaee821f2fba0

    • SHA512

      912d6aea01f659ee8779b6854cbef9803bb44147001d2518d7dca635f010d23efd38d84046c2568ce70be0089013d9097b0f1da21da27d6ea67e0156d302306e

    • SSDEEP

      49152:PtAyoeoM7BPzE36MwoYkzkbcYSD6Q0H4oiwpGNNyybcuZ6BiLXOop4jQ5A:qbMdLmwoYRcY46AApGXvYbG4ku

    Score
    1/10
    behavioral5behavioral6

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

3
T1112

Credential Access

Discovery

System Information Discovery

3
T1082

Query Registry

2
T1012

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks