f70d3601fb456a18ed7e7ed599d10783447016da78234f5dca61b8bd3a084a15 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7177ab83a40a4111eb0170a76e92142b.rar
Size

553KB
Sample

221104-w9f3rshgh8
MD5

7177ab83a40a4111eb0170a76e92142b
SHA1

9439efccfa5db7846e26e3a89a7b69cd7f267a65
SHA256

f70d3601fb456a18ed7e7ed599d10783447016da78234f5dca61b8bd3a084a15
SHA512

e4d9e80879deff7f3ad0febe21847854052b5a7b447eec5f40670273ffc8455e10ce45be2d4c77f63a237691f6b1eed8b08d8dc9b757091ac70feb9f35319e76
SSDEEP

12288:4AEUp4/y3yboNZOIu8th0vcGNBM8Dg7SjP4P4:4Ayyi0NxZDtCeEgujP4g

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  Political Guidance for the new EU approach towards Russia.doc.lnk
- Size
  
  2KB
- MD5
  
  2d29e453749a6b6e18516015f6047f1a
- SHA1
  
  91d8376ee3737a15ca6d9e4a1156db7e01d15bda
- SHA256
  
  3e33897fcbf2f830b665489017a843146955ef67061bd58f004c418b6b97e9ea
- SHA512
  
  2635cfe3d2b87e1e163d205e31107ccc7a1f0567bb67843d4394cce2d217e1fd98c63e1c21883664a92065f6fb702334c58751767df2e73f501b056f2edc8be1
Score

8^/10

persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2
- Target
  
  _/___/_/___/______/_____/__/ClassicExplorer32.dll
- Size
  
  112KB
- MD5
  
  6d6a0ca7c7343eedfffeb697229a4929
- SHA1
  
  b8bc6878030e51c6726b8536473e396e75969462
- SHA256
  
  8e27900949a087349488d82e7434937bd253d31749041bb0233000a7339fc3e1
- SHA512
  
  40e9f5839637096de31b7a342fd8ef4c111725b65202ca8a5ab0d61f562d5c36dac2b347b82bb242cf56d8453b7c077043308652fd8e2e829370e6874f6793c4
- SSDEEP
  
  3072:9xcDum8qFNKZ602pFSjhLZiGcxmpJ8yLRuMRN55OyL6mg:XrmbpFQ0Gcx0JnPMi6mg
Score

1^/10
behavioral3 behavioral4
- Target
  
  _/___/_/___/______/_____/__/test11.bpu
- Size
  
  96KB
- MD5
  
  ae105528a6c5758ccf18705a8c208a97
- SHA1
  
  f337789deabde593936eb8753dadd056735f3f29
- SHA256
  
  b44cc792ae7f58e9a12a121c14a067ee1dd380df093339b4bf2b02df5937b2af
- SHA512
  
  1c820c5960879b374c2a5caf452f0f3e41ca1a7bd79d982d2457cb6dcba6fa39115307322be59e28f88e7dd8557c895bdead94b7196292de1cd9297ab9cb688f
- SSDEEP
  
  1536:WpotLuQVD29umGs9wT4Il5+e3Wvv7dgKwd9ndX3rDwD:nL8v+5+jvv7mX7DwD
Score

8^/10

persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6