Overview

overview

4

Static

static

4

sample.tar

windows7-x64

3

sample.tar

windows10-2004-x64

3

CVE-2014-6352.py

windows7-x64

3

CVE-2014-6352.py

windows10-2004-x64

3

temp/_rels/.xml

windows7-x64

1

temp/_rels/.xml

windows10-2004-x64

1

temp/docPr...il.jpg

windows7-x64

3

temp/docPr...il.jpg

windows10-2004-x64

3

temp/ppt/_...on.xml

windows7-x64

1

temp/ppt/_...on.xml

windows10-2004-x64

1

temp/ppt/d...ml.xml

windows7-x64

1

temp/ppt/d...ml.xml

windows10-2004-x64

1

temp/ppt/s...t1.xml

windows7-x64

1

temp/ppt/s...t1.xml

windows10-2004-x64

1

temp/ppt/s...10.xml

windows7-x64

1

temp/ppt/s...10.xml

windows10-2004-x64

1

temp/ppt/s...11.xml

windows7-x64

1

temp/ppt/s...11.xml

windows10-2004-x64

1

temp/ppt/s...t2.xml

windows7-x64

1

temp/ppt/s...t2.xml

windows10-2004-x64

1

temp/ppt/s...t3.xml

windows7-x64

1

temp/ppt/s...t3.xml

windows10-2004-x64

1

temp/ppt/s...t4.xml

windows7-x64

1

temp/ppt/s...t4.xml

windows10-2004-x64

1

temp/ppt/s...t5.xml

windows7-x64

1

temp/ppt/s...t5.xml

windows10-2004-x64

1

temp/ppt/s...t6.xml

windows7-x64

1

temp/ppt/s...t6.xml

windows10-2004-x64

1

temp/ppt/s...t7.xml

windows7-x64

1

temp/ppt/s...t7.xml

windows10-2004-x64

1

temp/ppt/s...t8.xml

windows7-x64

1

temp/ppt/s...t8.xml

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    24de2b71477635f2bdb96e6990ed37de9cb8848dd29210ffe8ddd1d0ec948734

  • Size

    1.2MB

  • Sample

    221126-ve19sahg94

  • MD5

    51af3b88b8d31e4eede4d66ec8ec98a1

  • SHA1

    6d6de3d79122f30db977493033da635fd8c6a74b

  • SHA256

    24de2b71477635f2bdb96e6990ed37de9cb8848dd29210ffe8ddd1d0ec948734

  • SHA512

    e2085951dc779feebfaa9a47d3f1c9b305571236677d7e8bcf57384866e9a65205bc0ada36b40965d9398d6f523484b507b298d4c64e27a5cf7e4f74c0331251

  • SSDEEP

    24576:8a7F0lTqGaE+PQU0OVAgbvDmn30+Z9sXvjwflkHSMn2gk1H6O7ssOUV:8ah0dqW+P/GMvSnZ9yvkflkytP1H6gs+

Score
4/10
linkpdf

Malware Config

Targets

    • Target

      sample

    • Size

      1.7MB

    • MD5

      665ad3ec72b0bafa64bb336ecd156b9e

    • SHA1

      74d32a81a9c6165d8c477c23836a0719901354a2

    • SHA256

      843ec4f0c893555b6a5ccb7b0923d061f879b4f11adc2bcc376c922fb59fefaa

    • SHA512

      343125ac62765560ed4781b089215910ce2ab4c36a37e3ae2ab9c9a9a4176d2f2261cc5333c440678722ecbe082024c53f64a002b2221c2e7c5264ebef04ade9

    • SSDEEP

      49152:6IYq0+N/Z6eM09o5HF9wBS11iTSvN8yu7L2K:xYq0iMnjB7wBS11iTSI2

    Score
    3/10
    behavioral1behavioral2

    • Target

      CVE-2014-6352.py

    • Size

      22KB

    • MD5

      03e4b8cb40edf5b73bc381f9391162dc

    • SHA1

      b886c6550510c9b83bc6630f6c3493ec05e85fd1

    • SHA256

      843c67233c84ade4b7188185379c3f68f5ef07090602a6fce41747fca7e10cdf

    • SHA512

      2a4abb5c80992155c331c6a656c28672707020562bd330a234feb04ac5041660c81f5da34394e93d390f27bc05722e4d59d9df2fded4e23566fec00faaea74fe

    • SSDEEP

      192:q4f7212OUSqaxzomyoSNPThTSND6knxi7ElS/m5GK7:q4z212nmorFhVE

    Score
    3/10
    behavioral3behavioral4

    • Target

      temp/_rels/.rels

    • Size

      738B

    • MD5

      c998d43f41d203e175f271a558f6ebbe

    • SHA1

      68508e0ae59a010ce97ba8269f2c9cb53f80662d

    • SHA256

      de11af9d3b354316b50c10ceff7203f24686fe9cbd4202a5e4655398a4c5004f

    • SHA512

      2e324155faec8528f870d8f0ffdcd1c6a47042d75579db2b1fd372fa400e8b571d20b1f819e97fee29a7ea92701840910c47025e2802d1126f9d8b271f5a42d6

    Score
    1/10
    behavioral5behavioral6

    • Target

      temp/docProps/thumbnail.jpeg

    • Size

      4KB

    • MD5

      002b9f226470460bd963198fd50d95d4

    • SHA1

      33279b3e424d1a268ddef8b1154137c70eb9a255

    • SHA256

      828a485a71d251824e13083d18c6d4c2b085d95ad8f8503530649d34776a6f7d

    • SHA512

      9848319838f2d5df358d65dcfb44c3b2515bfb4f1764a3b9efaebc3f96ac015dbff08da8099a6a522e784ae2aa5e8daab9619c3f7fcf37f002d1790a114d456b

    Score
    3/10
    behavioral7behavioral8

    • Target

      temp/ppt/_rels/presentation.xml.rels

    • Size

      976B

    • MD5

      30458f5e03556be70306d60af7fd4440

    • SHA1

      491a488a3193351732dd80623993be7a638c1c89

    • SHA256

      6c38eb3088da6ec9ee6f33f157e329c366fa21ea95fcb45bde372a249590822e

    • SHA512

      a881588ee40b18f012a39571b485463afb21323e0725c2d395d808d5131701cf97ce5247facac8a7fb8ee6d782cfd7c55ad93f54eb22753bec9a89a10200d3d5

    Score
    1/10
    behavioral10behavioral9

    • Target

      temp/ppt/drawings/_rels/vmlDrawing1.vml.rels

    • Size

      292B

    • MD5

      242d911f3201e3ae67c12d98828a6832

    • SHA1

      1ea30bd460322e4fa19f030c486c31b9f9625862

    • SHA256

      5a8e6d1316d56fad03cd50976fbb1912906ad937142c1b1d587547d439aeba53

    • SHA512

      cfbd66d5ed488d4cd7052ad1f0fb9a3873b02f46f5544df59e3f6ba4ff32dfa94af8e1f25867e549460b67f666867baa58ba0ef29356049337c651910efbcc06

    Score
    1/10
    behavioral11behavioral12

    • Target

      temp/ppt/slideLayouts/_rels/slideLayout1.xml.rels

    • Size

      311B

    • MD5

      3403b99991b21ed32f5d796eae81897b

    • SHA1

      0e95a84096cd52097d3d2cdefa3f259e598be0b1

    • SHA256

      8246d333bf3764cd35563e3df1828c26bbc28890815a2987caf3e592791ba60d

    • SHA512

      29836bb54ac0f53bc11e5df71e76ab6a0eb0c005aba71a83685c0f1bdba8406662fbd51e79eec215f79cbafa4b2a88b1ddc087a0d6f0fdf1a6d666f068553495

    Score
    1/10
    behavioral13behavioral14

    • Target

      temp/ppt/slideLayouts/_rels/slideLayout10.xml.rels

    • Size

      311B

    • MD5

      3403b99991b21ed32f5d796eae81897b

    • SHA1

      0e95a84096cd52097d3d2cdefa3f259e598be0b1

    • SHA256

      8246d333bf3764cd35563e3df1828c26bbc28890815a2987caf3e592791ba60d

    • SHA512

      29836bb54ac0f53bc11e5df71e76ab6a0eb0c005aba71a83685c0f1bdba8406662fbd51e79eec215f79cbafa4b2a88b1ddc087a0d6f0fdf1a6d666f068553495

    Score
    1/10
    behavioral15behavioral16

    • Target

      temp/ppt/slideLayouts/_rels/slideLayout11.xml.rels

    • Size

      311B

    • MD5

      3403b99991b21ed32f5d796eae81897b

    • SHA1

      0e95a84096cd52097d3d2cdefa3f259e598be0b1

    • SHA256

      8246d333bf3764cd35563e3df1828c26bbc28890815a2987caf3e592791ba60d

    • SHA512

      29836bb54ac0f53bc11e5df71e76ab6a0eb0c005aba71a83685c0f1bdba8406662fbd51e79eec215f79cbafa4b2a88b1ddc087a0d6f0fdf1a6d666f068553495

    Score
    1/10
    behavioral17behavioral18

    • Target

      temp/ppt/slideLayouts/_rels/slideLayout2.xml.rels

    • Size

      311B

    • MD5

      3403b99991b21ed32f5d796eae81897b

    • SHA1

      0e95a84096cd52097d3d2cdefa3f259e598be0b1

    • SHA256

      8246d333bf3764cd35563e3df1828c26bbc28890815a2987caf3e592791ba60d

    • SHA512

      29836bb54ac0f53bc11e5df71e76ab6a0eb0c005aba71a83685c0f1bdba8406662fbd51e79eec215f79cbafa4b2a88b1ddc087a0d6f0fdf1a6d666f068553495

    Score
    1/10
    behavioral19behavioral20

    • Target

      temp/ppt/slideLayouts/_rels/slideLayout3.xml.rels

    • Size

      311B

    • MD5

      3403b99991b21ed32f5d796eae81897b

    • SHA1

      0e95a84096cd52097d3d2cdefa3f259e598be0b1

    • SHA256

      8246d333bf3764cd35563e3df1828c26bbc28890815a2987caf3e592791ba60d

    • SHA512

      29836bb54ac0f53bc11e5df71e76ab6a0eb0c005aba71a83685c0f1bdba8406662fbd51e79eec215f79cbafa4b2a88b1ddc087a0d6f0fdf1a6d666f068553495

    Score
    1/10
    behavioral21behavioral22

    • Target

      temp/ppt/slideLayouts/_rels/slideLayout4.xml.rels

    • Size

      311B

    • MD5

      3403b99991b21ed32f5d796eae81897b

    • SHA1

      0e95a84096cd52097d3d2cdefa3f259e598be0b1

    • SHA256

      8246d333bf3764cd35563e3df1828c26bbc28890815a2987caf3e592791ba60d

    • SHA512

      29836bb54ac0f53bc11e5df71e76ab6a0eb0c005aba71a83685c0f1bdba8406662fbd51e79eec215f79cbafa4b2a88b1ddc087a0d6f0fdf1a6d666f068553495

    Score
    1/10
    behavioral23behavioral24

    • Target

      temp/ppt/slideLayouts/_rels/slideLayout5.xml.rels

    • Size

      311B

    • MD5

      3403b99991b21ed32f5d796eae81897b

    • SHA1

      0e95a84096cd52097d3d2cdefa3f259e598be0b1

    • SHA256

      8246d333bf3764cd35563e3df1828c26bbc28890815a2987caf3e592791ba60d

    • SHA512

      29836bb54ac0f53bc11e5df71e76ab6a0eb0c005aba71a83685c0f1bdba8406662fbd51e79eec215f79cbafa4b2a88b1ddc087a0d6f0fdf1a6d666f068553495

    Score
    1/10
    behavioral25behavioral26

    • Target

      temp/ppt/slideLayouts/_rels/slideLayout6.xml.rels

    • Size

      311B

    • MD5

      3403b99991b21ed32f5d796eae81897b

    • SHA1

      0e95a84096cd52097d3d2cdefa3f259e598be0b1

    • SHA256

      8246d333bf3764cd35563e3df1828c26bbc28890815a2987caf3e592791ba60d

    • SHA512

      29836bb54ac0f53bc11e5df71e76ab6a0eb0c005aba71a83685c0f1bdba8406662fbd51e79eec215f79cbafa4b2a88b1ddc087a0d6f0fdf1a6d666f068553495

    Score
    1/10
    behavioral27behavioral28

    • Target

      temp/ppt/slideLayouts/_rels/slideLayout7.xml.rels

    • Size

      311B

    • MD5

      3403b99991b21ed32f5d796eae81897b

    • SHA1

      0e95a84096cd52097d3d2cdefa3f259e598be0b1

    • SHA256

      8246d333bf3764cd35563e3df1828c26bbc28890815a2987caf3e592791ba60d

    • SHA512

      29836bb54ac0f53bc11e5df71e76ab6a0eb0c005aba71a83685c0f1bdba8406662fbd51e79eec215f79cbafa4b2a88b1ddc087a0d6f0fdf1a6d666f068553495

    Score
    1/10
    behavioral29behavioral30

    • Target

      temp/ppt/slideLayouts/_rels/slideLayout8.xml.rels

    • Size

      311B

    • MD5

      3403b99991b21ed32f5d796eae81897b

    • SHA1

      0e95a84096cd52097d3d2cdefa3f259e598be0b1

    • SHA256

      8246d333bf3764cd35563e3df1828c26bbc28890815a2987caf3e592791ba60d

    • SHA512

      29836bb54ac0f53bc11e5df71e76ab6a0eb0c005aba71a83685c0f1bdba8406662fbd51e79eec215f79cbafa4b2a88b1ddc087a0d6f0fdf1a6d666f068553495

    Score
    1/10
    behavioral31behavioral32

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

13
T1112

Credential Access

Discovery

System Information Discovery

3
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks