General
-
Target
files.zip
-
Size
225KB
-
Sample
221205-wb5cpseg5v
-
MD5
1ea28e2e6c8fd1aaa2742ad3e0a805bd
-
SHA1
4c73abba890dddd25e3d06f6386d5033e59421d7
-
SHA256
4ce24c022e799db363340739967bfe40edc4ed1d81588a86007eb16c8ec601e7
-
SHA512
9a8d32c9fa1c50594051a66f29f1946bf892ae7e1b026105777805cdc08ced7f6e6de3f6bb05e4270c981320235fb1e634b55735a4c51c02296170fdfcf39a69
-
SSDEEP
3072:Ct3tJCTUtEmYXK8mzKSBAnbvIBOx8HRxRupjMbycZ5KYU3aUgsheatst9OjeHAGA:C5tEmYXJmmbn2TueWcpmgfLYF+I5H
Static task
static1
Behavioral task
behavioral1
Sample
8969122ef3485d.ps1
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
8969122ef3485d.ps1
Resource
win10v2004-20220901-en
Behavioral task
behavioral3
Sample
8969122ef3485df.ps1
Resource
win7-20220812-en
Behavioral task
behavioral4
Sample
8969122ef3485df.ps1
Resource
win10v2004-20221111-en
Behavioral task
behavioral5
Sample
PO-12-5-2022.lnk
Resource
win7-20220812-en
Behavioral task
behavioral6
Sample
PO-12-5-2022.lnk
Resource
win10v2004-20220901-en
Behavioral task
behavioral7
Sample
document.pdf
Resource
win7-20220812-en
Behavioral task
behavioral8
Sample
document.pdf
Resource
win10v2004-20221111-en
Malware Config
Extracted
cobaltstrike
0
-
watermark
0
Targets
-
-
Target
8969122ef3485d.log
-
Size
24KB
-
MD5
dbe7e2c61dae4abd32c335f281aba3bc
-
SHA1
ea67556c09a8d1206da53f534bbdd1d8fd90beaf
-
SHA256
8b1a3a5a86823d261bad786382bd1d98416022cdcbbccc9b158517fd1c3b1ec5
-
SHA512
adfc28a0b9e83b3b65ec1680b65a01111c2209022d3a97f2da984bb081ca0acfc1a5666c2856d447c15ecb219f8bd78c87366f70d6f413d538a387b25729a879
-
SSDEEP
768:GRoYsM/gzp15ILVndPrwt1mBy0XqFSJFhpre6jFwnFl:GST5IL/PkPmBlXqcLh5ljO7
Score10/10-
Blocklisted process makes network request
-
Drops startup file
-
-
-
Target
8969122ef3485df.log
-
Size
424KB
-
MD5
7e17e5f94d45e854c6855f557d4c3b62
-
SHA1
dc1894577c77ea178a40510d676fc31e4049bce3
-
SHA256
d19fc72db9725c704b88f4dbf52fdc11d609d6adeedaafa8b79ca76dc7da12c2
-
SHA512
80f6dbc86f5825b5935d775614e531981fcd0d768092e83f6e364514ae6ec868b916d057c739f0cf8e2226aa5a495f72d1aafed1b9196a9ce5976994be38b6bd
-
SSDEEP
6144:cJg4cOlXYM0DPGj7fw0xB2pPBrGyMsY7iGBa5fIoYAUdfv05Xs0lHBMjMlzN0s:cu4cO+MkPGI4MpPBrCi1B+05Xll90s
Score8/10-
Blocklisted process makes network request
-
-
-
Target
PO-12-5-2022.lnk
-
Size
2KB
-
MD5
4f86eb0c1fac722e4c7b4f6f089bd127
-
SHA1
9d459b6ebc01d6e937785e1e118000bebdd3f700
-
SHA256
89a1a6cb000a66b841ad26a8d0d5af507cc17efc00a109d61d52a65caa4cef43
-
SHA512
c8f1d53629d14ddbe84b6878104a773e7a1bd8da47ab2b3d5ac04955916978bd79db0a9c3a94652889580344cf21416d7791b2982afeb7da5839ce33c7cc76a0
Score8/10-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
-
-
Target
document.pdf
-
Size
10KB
-
MD5
8a7cadbe3c40344007c5334b41f0e8cf
-
SHA1
fbc916f065157cc5a13f22453c19f7dfecc3c228
-
SHA256
3902e1734b1d0187d3404dafa4616212342630cb46913242060f485e58201a75
-
SHA512
8c5e0d7a938ac13537041335d5ea185e83e025b6da138c0c3c49794825e873a52c048b08579711a888bae6e9fedc03996dbb5a2696844bb5335b8f96017dcbdb
-
SSDEEP
192:GWY3Ro9kPRzjVap5F5rBfHOHAo9u8wGW1/Pgk/pDqX1TX5DESqyuZnZgprCZ5npK:GWaHhjVsHmAocZd1/f/pO1VDULERCZ58
Score1/10 -