735f4e4a46c441adc84d100d11eeeeca0de9ff4e1b50f3f957652e64f6b0e411

Sharing

Copy URL

Twitter E-mail

General

Target

735f4e4a46c441adc84d100d11eeeeca0de9ff4e1b50f3f957652e64f6b0e411
Size

20.1MB
Sample

221124-rc3s2scf4w
MD5

cf1f46cf5d4baaa3c10822bd428a8a60
SHA1

cc37728824faaac5528a6eca35eceb9440ebd361
SHA256

735f4e4a46c441adc84d100d11eeeeca0de9ff4e1b50f3f957652e64f6b0e411
SHA512

13f780d8488f932a6f0bd3c433deeda16696a9f1981255806c8ae40dee53416f987b2af61018db84a2bc6f381a0af39f1226d505d2cad316130f585be9480535
SSDEEP

393216:sHMM+vrH80MXLDsZ3U5gyCcp9gO5TBwixtomQnD7KfeUGWLxrw51sqXj1gGZNpYh:IFGrtMXf5ecp9htDxt8DPsLxrHquGZNS

Score

10^/10

macro xlm

Malware Config

Targets

- Target
  
  K1-3K2-2ؿбļ/01.ļ/K3-1+2-2ܻ̼Ҫ.doc
- Size
  
  132KB
- MD5
  
  427be070572e737a8e4908af3a5ef383
- SHA1
  
  d6fafbba83be49d6a34e6a214f257140d3aa244f
- SHA256
  
  2350992d8ec802e0aef700d5ff478d685de369a10ca1e35c3a84fc1b86fb0f36
- SHA512
  
  48414193edd5f28c55689b6d12c151ecc3283d75635ef42c94356d9cb29c03486292f4a63eb40638412f39b17f768a5f37a26d7524f5c0b4e84238066d4842bb
- SSDEEP
  
  768:5hbwW8d820aBsqAbHlTTCtXSJnSFFFmttjFFFnzjSSodjFFAAPore27eFcc7BO2c:5pwW8r0xqWTCYAPoP7x
Score

4^/10
behavioral1 behavioral2
- Target
  
  K1-3K2-2ؿбļ/01.ļ/K3-23ͼֽĿ¼10-23.xls
- Size
  
  43KB
- MD5
  
  149326e3ae1ea40add2e290b20e53ed5
- SHA1
  
  5430c306108d2752ca19c5f408cd7ab04684397c
- SHA256
  
  c2dc533c968f60c36a5bb64dff8e6517db897d36e975aa87c5ffb84a77d02659
- SHA512
  
  72499e8fb86443bb95dca93ec2d218108b6d0fb6e5d6ac17a217decf4f4868c4229488833b8524991ac4bd24b32d1af5afb090ba0eb70bf1c6d06d94d89da70f
- SSDEEP
  
  768:TRRRb+C3NxEjwVxLTI8MtFgG62ZQ2RoOQGOfUP7zfFrZYowQpw5UCnK4jTTQi9O:TRRRb+C3NxEjwVxLTI8MtFgGJZQ28sPb
Score

1^/10
behavioral3 behavioral4
- Target
  
  K1-3K2-2ؿбļ/02.ļ/01./0.бļĿ¼.doc
- Size
  
  47KB
- MD5
  
  2b5f84239b3d34fb1791aa936d4b722b
- SHA1
  
  8525efcff38dff2e284101231b17f871e2784513
- SHA256
  
  b0966993532f6fad5c7039cc94bd9b18f8eb920b96d8bf59c839dabccecf0df7
- SHA512
  
  a38d923a96f54f1eff4c037b9d561fb7d8b56c864b027383940eba9bba7686d40fb24db46502e38c6fe98584e29d927ec3616ae76ca47b1efa890e358c88295a
- SSDEEP
  
  768:aDkCM+CVb0HjHyWTFIHSOiE24pWiTUQyHG0vIZdOoSvZrvyCh1LnivdoI0o/+phT:lVAPoC24X
Score

4^/10
behavioral5 behavioral6
- Target
  
  K1-3K2-2ؿбļ/02.ļ/01./0.бļ.doc
- Size
  
  30KB
- MD5
  
  f7721ee107d748ceb87fe92f310ffb67
- SHA1
  
  cbda4477c0f86e4d67a3b7a70a7b9912bec24f0f
- SHA256
  
  f839d850d05b95868dbce6bb0ab7182818f4091730f5d8238656473979de7dd5
- SHA512
  
  189d9ca6d07610aa3b88ba0055b932ef72c42281b7ac6f61aed2dd6538147ce0e12d6f213754b18f8108efb87dd03f74e323cbeb7fda27d0565b249d202f04f3
- SSDEEP
  
  384:WM1EWtBwxm0gVbvDdm/9mJ8sFIOqJ2222CziSZfI/PKRKirbg315:Wf2SXgVd6eo2222yAPoO31
Score

4^/10
behavioral7 behavioral8
- Target
  
  K1-3K2-2ؿбļ/02.ļ/01./1.Ͷ֪.doc
- Size
  
  59KB
- MD5
  
  7dbb00648d2bf7882d4eaf6b5aa599d2
- SHA1
  
  c2b046bb2f8cc517074557db56c69d2bf96a3e43
- SHA256
  
  ab43874f0c119306dea06510381ded99b1a07842e48f1878cd9f6d614bad6e2f
- SHA512
  
  67f18ec5d285aad7090868cd6701646c9eb04c9602ad9cf6749e2fb8d0ca60fdb0c14cada5881fbe20bea5ab51739d6ca62662416e435ad614b6d3d7a2fb52b9
- SSDEEP
  
  768:T1RfwPTwpRGYh4IRS06qyqt0oAPoumh/qditxpma6C0oWDIxz99:5JwrDYa86jqt0oAPoHcav0DI3
Score

4^/10
behavioral10 behavioral9
- Target
  
  K1-3K2-2ؿбļ/02.ļ/01./2.0Ͷ.doc
- Size
  
  33KB
- MD5
  
  6dabf742634437075791506e0e598da3
- SHA1
  
  7a82869bcb204b312f4d39f22a7e3b5c6d71fa32
- SHA256
  
  faec7d8d2d8232c9318403261c69cb3575a1fd7bbc799d19b350dae840e889f3
- SHA512
  
  3f310f37277d399b164d78ec043164820efdbe25100e872030c0a7ea2b20c5dbca807f4bbf6f5a199c1198a0da7c7b4a8a66a68e96ac7847c54c26023792081a
- SSDEEP
  
  192:ydyynETpZmAp+b29msfnaNJyWw0NVoX6/6rZfI/vXKaqkQBim695eKSR+B/B:6yynETpZ2CmOaMliSZfI/PKRkQBib5x
Score

4^/10
behavioral11 behavioral12
- Target
  
  K1-3K2-2ؿбļ/02.ļ/01./2.¼1 ŵ飨1ͬ¼.pdf
- Size
  
  35KB
- MD5
  
  383538a3fac5d4ff546876ea6c52149b
- SHA1
  
  7684222cd6172980c9ec6b6330072b8322ee23b4
- SHA256
  
  8d63a802684a3b6f5774813655d60de42b58e656834e046120c71f3cdf1fe575
- SHA512
  
  45a92dbfe0c540b55b20249001c616d8a11ca7bea863f768ad13bb8b570a50931014ac82d11b78573652971dd0a52f4c2394925b7f4ba58cfff925986a3efa0d
- SSDEEP
  
  768:UlUUmFHBzTnN0j875/Pupvw3qMpvl0on5WHWy3h4n+w:lzNtTnN0g75Hevwato5W2y3Vw
Score

1^/10
behavioral13 behavioral14
- Target
  
  K1-3K2-2ؿбļ/02.ļ/01./2.¼2 ŵ飨2һŵ.xls
- Size
  
  92KB
- MD5
  
  1b308dad66fe8bed16702ed86488b6dc
- SHA1
  
  eeaa65009294e640485fccf06a52f73ab387fab5
- SHA256
  
  b3031ff3fce6494914e3349bf3baa4f4cf10d2ef43af0cb845f3346e26119027
- SHA512
  
  c69a36179cc32351762d893daf13e9d098111db1e6d57135fe959f812c9dba1ef2ee1aa059228d5b2f89036d490047a0e6bd91b29874b622c2176af1367e7eb8
- SSDEEP
  
  1536:4OOOO67Dy1SNmVnLziCdymRxoiKTMEO3Qn6v7yZmspH7+7alMiEZClsPI4ukoRWJ:a3Qn6v7yZmspH7+7alMisPI4ukoRWGN+
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Deletes itself
behavioral15 behavioral16
- Target
  
  K1-3K2-2ؿбļ/02.ļ/01./2.¼3 ŵ飨3ر.xls
- Size
  
  105KB
- MD5
  
  1654c5d2d91f05db425702a4a0212e0e
- SHA1
  
  d72769ee73be6cf375bfcdff1b325e39ce1be7f8
- SHA256
  
  0efbdf69acc7efefa80b0078c847814749873d4739efb7020001cb4521985e09
- SHA512
  
  7d33f8a116c3956b539e06b23d86b58a782375e0791cbe8b5ee6103b3fd12cf9af0d79cbc55a11b6531b8ef2af38dfc75ee02e0aca541d7c70da1e43c7b7a372
- SSDEEP
  
  3072:HQQn6v7yZmspH7+7alMisPI4ukoRWGNwcWVbrziKm7ITkPXyww33XjUJtXw8cMgw:wQn6v7yZmspH7+7alMisPI4ukoRWGNwy
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Deletes itself
behavioral17 behavioral18
- Target
  
  K1-3K2-2ؿбļ/02.ļ/01./3.ְͬЭ.doc
- Size
  
  50KB
- MD5
  
  3c160aef316ad4e67a410e45ca3112f6
- SHA1
  
  113d0389723c057db6fc1956437cc0dabc1e449a
- SHA256
  
  8d2af34b234cbbe5f0a435ad421a23b1f4752c308be9613dbf9b99177cd0c271
- SHA512
  
  03ba4a0a6c080086caf9cf487079a87b0d4c632083458faec0fe9b5af9b9738ed56c2a3329b69df672c65eec1db98ab5d8d5d99b7c60f9669f275484a274a4af
- SSDEEP
  
  384:xH0WLbZPtrs3rHr52lfTRtWLfJq1yqH8R5JqRwqAGR8ANnkmEjt6Ha+L73ubkSen:uaWAv3g4APo27
Score

4^/10
behavioral19 behavioral20
- Target
  
  K1-3K2-2ؿбļ/02.ļ/01./4.ְͬר.doc
- Size
  
  140KB
- MD5
  
  024c70ae8e30330a51101c0690b81df4
- SHA1
  
  228f6b4cf902800941ab399a7fe9a999db9e2ba1
- SHA256
  
  f6e13f25d4b0b588a779775d48f7c43143027b0edcebb6ad86478253e06f34bd
- SHA512
  
  9f80b0183bc35249fd95fab6ec613d3baf6c9fa500ceedfe48572b028a4af82c0d655deb74d6742276c385d7443773144a9da5f4cfd5917e7258b2ffa5052d03
- SSDEEP
  
  1536:MVx3r/6XJ51UfuOwMLuFPlxiwhTtfrnE4YNhqjGxSOqXt:MVxzYvUfxwMLmLhTtTn/qh6d
Score

4^/10
behavioral21 behavioral22
- Target
  
  K1-3K2-2ؿбļ/02.ļ/01./4.¼1 ͬ¼.xls
- Size
  
  109KB
- MD5
  
  60c38b854d589f183efb61a4a35417c8
- SHA1
  
  9eef3058c4293e6d38e06b284b8438e6bac73996
- SHA256
  
  c827c06b8d0656a0885398577a150e3e9a5a34aa8d7902693f599e13638c4d4d
- SHA512
  
  07a9f4f0d8fb84aa536c4c31038367f53539ba026a621f184889f5bfa9620ee4553b595204517be0724b2563792e4c44ec46ff23f0dba550a078aa543e415e21
- SSDEEP
  
  3072:MrQn6v7yZmspH7+7alMisPI4ukoRWGNgrG2AEWVbrzr6B7ITkPSyww33XjUJtXw+:CQn6v7yZmspH7+7alMisPI4ukoRWGNgk
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral23 behavioral24
- Target
  
  K1-3K2-2ؿбļ/02.ļ/01./4.¼10 ïͬ㹤.pdf
- Size
  
  142KB
- MD5
  
  e63aac8f15b43dfab5b6863aede10196
- SHA1
  
  bf6e9606813f647bc8e50cad4600fb4b1899f4fe
- SHA256
  
  03fe55328bbf46c86a21ae2797d9df0128a10c8f034885d085e35f64b8cc73d7
- SHA512
  
  12abc77df616f655cd614173155d655d5518a2228df5b638f0400355f6a7c147b485a2c1769cd4f9ca292e378dd3c82c46f02e759ea9f33cf2510a9241c29302
- SSDEEP
  
  3072:Q9++KW/Kmu70x2MyEdOERq/GZbzvnMLbB0Ts+a0v:Q9++KW/X2ubqYzvnMLbm1aE
Score

1^/10
behavioral25 behavioral26
- Target
  
  K1-3K2-2ؿбļ/02.ļ/01./4.¼2 ̷Χ.doc
- Size
  
  50KB
- MD5
  
  559cabd43fffaa6bc5d79255f5c39305
- SHA1
  
  1140b177e0be1056683693cff99adbce4259c7df
- SHA256
  
  50cdcec245e9d5b81c9d7e3e19bebf2f39a1c9feb6f7fc3c06817a67738f14a2
- SHA512
  
  f3be53392c0073863abfd0bf3155392aa7cd80b00634259cd76a2c5ab444ef9fd3f105f26547f54b5fec5eb32762110ab40d44265a2f242ce36aa32996fb4ac7
- SSDEEP
  
  768:9Q7ytpBLX5fL7BBMPHRGcuHIIPiwphZT3dfm2nqDXiX8qyAPogmTt:9LiwhTtfrnE4EAPogmTt
Score

4^/10
behavioral27 behavioral28
- Target
  
  K1-3K2-2ؿбļ/02.ļ/01./4.¼2.0 Ŀ滮ֱ.xls
- Size
  
  188KB
- MD5
  
  66f85cabd399b02d8556444f6300d8b0
- SHA1
  
  846d9a8a90bc8d762798b8b5f0f7ac9fef190c1b
- SHA256
  
  46ba5abd46413c18bfee0a5cd797587c335baa4d6fde4ad35742174925598de1
- SHA512
  
  305945cdb0b19257c9e99f28b84cdee55a1b59c7039ee7a67841549291de433f763321b401127716791fb49a8df8a845cde58cbb70068d62e732f8bb31afae82
- SSDEEP
  
  3072:Yhq1gxv7yZmspH7+cclKisbqb+xTENDiVWxqg7yf7pFrSMW+56eOTWVbrzQ7ITkV:D1gxv7yZmspH7+cclKisbqb+xTENDiVp
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Deletes itself
behavioral29 behavioral30
- Target
  
  K1-3K2-2ؿбļ/02.ļ/01./4.¼3 Ŀ.pdf
- Size
  
  231KB
- MD5
  
  e9821719c78d60293bfe85c83085e71d
- SHA1
  
  9076f488205ac1f5bc38f889241acde94b00b9e1
- SHA256
  
  d06660bacd42a5734e7c0b31ef7473a2a9f5916f1ea94ba943b6de3a4104086f
- SHA512
  
  4d579579759bf971211a22080814835edfd2d1a53197ca465ee649066f562952940ca846be472daad77cc58a0eddc0cd269b8e9825a075528223ad44659d2782
- SSDEEP
  
  3072:buGJYhwrQxVPu2iyq1sMVTjbmnDvlkGPD9ssOT5VxJEb5k0cWhx6q6qfUzRjJZQc:bus0ux1TVTPmjjrE599U1UnZQnkyy
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

T1158

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Hidden Files and Directories

T1158

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Targets

Process spawned unexpected child process

Deletes itself

Process spawned unexpected child process

Deletes itself

Process spawned unexpected child process

Process spawned unexpected child process

Deletes itself

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32