5304522c3f48984337f18133639815cab62f24ef25407c3a097fcecfc4b4ed9f | Triage

Sharing

General

Target

Contract_8556.iso
Size

990KB
Sample

221028-kczytsfean
MD5

f1404d05a5143952499cd764babcb895
SHA1

673491da8fdbff9708fb077259515c0d788578ae
SHA256

5304522c3f48984337f18133639815cab62f24ef25407c3a097fcecfc4b4ed9f
SHA512

329d21193d45866ab0b3bcdade34245a10645e3c4a0d29c61cd45512ce60b1331294a0e96c44dc20444f8716bdbcba371db8c8453be6fbc73476ead56035ac20
SSDEEP

24576:u6y8bRZAYhI/LoO9bBoY/6wgHzwt6AwQwrwJwJY:u+AYhIjoO9d/6wgHzwt6AwQwrwJwJ

Score

8^/10

Malware Config

Targets

- Target
  
  Contract_8556.iso
- Size
  
  990KB
- MD5
  
  f1404d05a5143952499cd764babcb895
- SHA1
  
  673491da8fdbff9708fb077259515c0d788578ae
- SHA256
  
  5304522c3f48984337f18133639815cab62f24ef25407c3a097fcecfc4b4ed9f
- SHA512
  
  329d21193d45866ab0b3bcdade34245a10645e3c4a0d29c61cd45512ce60b1331294a0e96c44dc20444f8716bdbcba371db8c8453be6fbc73476ead56035ac20
- SSDEEP
  
  24576:u6y8bRZAYhI/LoO9bBoY/6wgHzwt6AwQwrwJwJY:u+AYhIjoO9d/6wgHzwt6AwQwrwJwJ
Score

6^/10
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2
- Target
  
  Contract.lnk
- Size
  
  1KB
- MD5
  
  c69e380470d25126e26a2ac731f3ee84
- SHA1
  
  ddc46580ab308d72176191ed35001830bb76678b
- SHA256
  
  03ddebb9718379ba27af2e30ca41a85fddd89fc582468c3eb6066c9b277bd3de
- SHA512
  
  d157b382dacc30165160b92e6b8080d5a845502f7a0c783220dc67ddaaa199e4f6a658b71a59990dfda2634e3767f0bb77a24e18945cdefe849d0cd53026f13c
Score

8^/10
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral3 behavioral4
- Target
  
  reviewer/beastly.dat
- Size
  
  628KB
- MD5
  
  21a58f232100acc74ca02cb4c9193981
- SHA1
  
  6eba26240da27fd706d30046f0645c5b6dc47957
- SHA256
  
  808cc617a65f9eeeecf7241b06ddeeaa6cfd9b23db30094169fd307c4607e16b
- SHA512
  
  32bda9d70937f608e3bef2c7a1c96759f6bdfd5a1fe242befd51ed4c847019def6090aeb0d4f356a05191bb293adc67588ec76ec843ef3877cf1b1a8f1e2f1fd
- SSDEEP
  
  12288:8x8IFmbH8yS5XXUrIVcxxK/5IOT2LY/O9bBoY//w:R6y8bRZAYhI/LoO9bBoY/4
Score

3^/10
behavioral5 behavioral6
- Target
  
  reviewer/bike.txt
- Size
  
  265KB
- MD5
  
  54dfce4951f37c3b2aac075c8a1ab307
- SHA1
  
  690afeae797b730069500bc01041e4d0e80f794f
- SHA256
  
  eb07a4762c1fdb09f4258a6d9c3e549e43fd4268fdbbc34d13b4c8b5d8b1deba
- SHA512
  
  06d23cbb033b78a948a0fe528de7935e2e2f659cf8ea33d83e6490e19078068d8898683123208e75e85cb1d9998ac6445f95c2d354e4bffbd7a00365813d0d21
- SSDEEP
  
  6144:3wuOIHGYwWiu0LeOyyTuXBYOcycw1oDokO+USnwcTSnwJwzy:3wuOIHzwtuxOEOOc/waO0wrwJw2
Score

1^/10
behavioral7 behavioral8
- Target
  
  reviewer/rehearsers.gif
- Size
  
  34KB
- MD5
  
  3ac9a9d792b7133f8b2bb19aa3198451
- SHA1
  
  3e10030682fdbd721e0f0ffcffbc7c0e0b731b4c
- SHA256
  
  b6b8a8a68623e8d0f3029c47e45dec05a687b0939966d0d70aeaf6c1cba210fd
- SHA512
  
  6032fc5403e70fb179248d8e6d94bc30ddc47b662c7385cff401ac2c097a96cd31f6d52886d023624964a59d26e3a364b6a2eb8229e21247a8a678ca3da5b157
- SSDEEP
  
  768:lIEj6RLwbK6WEHQp7M7HnofvRx+UQP5Ipg4XF:lIaYQKgHQp7UHoHePapg41
Score

1^/10
behavioral9 behavioral10
- Target
  
  reviewer/ungroomed.cmd
- Size
  
  354B
- MD5
  
  6d1154c490214c6ca6a9186cc7a7a04e
- SHA1
  
  697909602a5f9a0f9bf6098806a9411d8d84de71
- SHA256
  
  67799a42b9d4dd9cbdab2bfb34b91aab636922f84b24b8a6374b8ad20fb10c19
- SHA512
  
  184966728fbaee9d8591f6fe8516af8b9fe99183442115a533ce6f5c1477cb3817da799c7da10bbb3212fd07fcc6ea75698fea0776fb5bf75043e212d87a8564
Score

1^/10
behavioral11 behavioral12

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12