General
Target: sus.txt
Size: 33B
Sample: 221129-p9jekabd34
MD5: 652747586066e24a04a8c518c7e8037b
SHA1: fd0b1016c319000db7f637d2a5ec69849f7084d9
SHA256: 06661b993960db5564e908e925100252af536866ed911d6af581925e118c2520
SHA512: e5be8a41affa7b131989d9ba39af63237772c889a1347438dcd9599332d25e18f8babfcc8d960dd69f159dbe1e28c2eb3f9805e0792d89f692befac2fe2b0ca9
Static task: static1
Malware Config
Extracted: http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32.cab
Extracted: http://officecdn.microsoft.com/pr/b61285dd-d9f7-41f2-9757-8f61cba4e9c8/Office/Data/v32.cab
Extracted: http://officecdn.microsoft.com/pr/834504cc-dc55-4c6d-9e71-e024d0253f6d/Office/Data/v32.cab
Extracted: http://officecdn.microsoft.com/pr/5462eee5-1e97-495b-9370-853cd873bb07/Office/Data/v32.cab
Extracted: http://officecdn.microsoft.com/pr/5440fd1f-7ecb-4221-8110-145efaa6372f/Office/Data/v32.cab
Extracted: http://officecdn.microsoft.com/pr/64256afe-f5d9-4f86-8936-8840a6a4f5be/Office/Data/v32.cab
Extracted: http://officecdn.microsoft.com/pr/f4f024c8-d611-4748-a7e0-02b6e754c0fe/Office/Data/v32.cab
Extracted: http://officecdn.microsoft.com/pr/2e148de9-61c8-4051-b103-4af54baffbb4/Office/Data/v32.cab
Targets
Target: sus.txt
Size: 33B
- Blocklisted process makes network request
- Executes dropped EXE
- Modifies Windows Firewall
- Registers COM server for autorun
- Sets file execution options in registry
- Stops running service(s)
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops desktop.ini file(s)
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory