General

  • Target

    d48235f529e34ccb9a0cfac63e9495113499452b317aec2e8b3ed836ca23cb52.zip

  • Size

    227KB

  • Sample

    221201-t8cb3sca4v

  • MD5

    24cc4b1194b8a8aa2e6ac5cacae7e002

  • SHA1

    a3a94962d6d902d65ade04114106310342ba4c9f

  • SHA256

    679e06b34326eaf4aa427650820a3fcc523d5b82f3e8eb8d505f51ff33d55828

  • SHA512

    bfa2e2fcf7f5b2e70874bfc78452d3277c7a3c58c9ab9b240dc0d474823595375378c5ada938426ba133b3af7648d8380087c1300f8e9d3f136a16f7e4b63430

  • SSDEEP

    6144:y3Bu8aBPPQxsSAqlezV38JIOffdxsw6C3215qH8Ox:kg8qVNV38JIOfLVZ25qH8Ox

Malware Config

Targets

    • Target

      Attachment.iso

    • Size

      822KB

    • MD5

      1ff6225f783595cf3a0c11720fa945d8

    • SHA1

      4d71522a9cbf2f050f1b369f18351f6eec89b46e

    • SHA256

      d0d1b77c34afe7bec255227fc946e32890e7f6abff67e913d7ef4ea5e33efacb

    • SHA512

      3074e2212e10ac32b5bee3eca1ce9b324a85c5866b24c0086838b5ce336c380276f0616befe6c0c10d9cbdd1c95ed9c6de5eb3f3101d4f91cccb890f74b7b669

    • SSDEEP

      12288:3hU0sdb34MkPGI4MpPBrCi1y05XlXNgLZRwUm14nY:vpki13jgLZRwUm1v

    • Score

      8/10

    • Blocklisted process makes network request

    • Drops startup file

    • Target

      8969122ef3485d.log

    • Size

      23KB

    • MD5

      914dd9891afe574b611e2e38a162ae1f

    • SHA1

      ad4c9126bcf2e534cd355107c301d01832889610

    • SHA256

      304d6a87f624d74df2bf37c458b2f06c525aad947886413befac892c1d89a394

    • SHA512

      33a70a75e956bcdb70c22b27c2f3044d6c527e3a10446cb6654431ecfbe326d69631b8ad61bb8f8bc8399f6122bdc229dfc01a607cec38587d39dccc67dd902c

    • SSDEEP

      384:k6dBkkPyac1Vzzgq2wjvulFcagjATRdMa5oE4BW2d4yvnR:/bXPY1VzzgOecag0DMaclDfR

    • Score

      8/10

    • Blocklisted process makes network request

    • Drops startup file

    • Target

      8969122ef3485df.log

    • Size

      420KB

    • MD5

      06b8feae2c9d9f2940cb9dca40d553c3

    • SHA1

      b246ed8055ad9e7bb760795e054224d406ec8a20

    • SHA256

      93b0f19011468a4864c114bcbcfc55f460e2c789b14ea893c26ce450d3c21a9e

    • SHA512

      d0285b2a638ff76fe846f41118c7e6e2ac741ab071ec63432fc8406b181ebf187c0d77f45740eb26a193f348b15db478a7d6c96c6f92df6a7464b46c9a3f6818

    • SSDEEP

      12288:hhU0sdb34MkPGI4MpPBrCi1y05XlXNgLZRwUmm:tpki13jgLZRwUmm

    • Cobaltstrike

      Detected malicious payload which is part of Cobaltstrike.

    • Blocklisted process makes network request

    • Target

      Attachment.lnk

    • Size

      2KB

    • MD5

      4f86eb0c1fac722e4c7b4f6f089bd127

    • SHA1

      9d459b6ebc01d6e937785e1e118000bebdd3f700

    • SHA256

      89a1a6cb000a66b841ad26a8d0d5af507cc17efc00a109d61d52a65caa4cef43

    • SHA512

      c8f1d53629d14ddbe84b6878104a773e7a1bd8da47ab2b3d5ac04955916978bd79db0a9c3a94652889580344cf21416d7791b2982afeb7da5839ce33c7cc76a0

    • Score

      8/10

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Target

      document.pdf

    • Size

      10KB

    • MD5

      8a7cadbe3c40344007c5334b41f0e8cf

    • SHA1

      fbc916f065157cc5a13f22453c19f7dfecc3c228

    • SHA256

      3902e1734b1d0187d3404dafa4616212342630cb46913242060f485e58201a75

    • SHA512

      8c5e0d7a938ac13537041335d5ea185e83e025b6da138c0c3c49794825e873a52c048b08579711a888bae6e9fedc03996dbb5a2696844bb5335b8f96017dcbdb

    • SSDEEP

      192:GWY3Ro9kPRzjVap5F5rBfHOHAo9u8wGW1/Pgk/pDqX1TX5DESqyuZnZgprCZ5npK:GWaHhjVsHmAocZd1/f/pO1VDULERCZ58

    • Score

      1/10

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112): 3

  • Discovery

    System Information Discovery (T1082): 6

    Query Registry (T1012): 4

Tasks