c56757f3853975037f10885fabfe913292f6ed35907311f05942d2d39c42ecf5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Paypal Receipt Generator.rar
Size

1016KB
Sample

221228-ybr4gsbd54
MD5

c926023aa9be9781cc93facec56885d9
SHA1

94504a681163e58cedbf3f26d2a300f7d681047e
SHA256

c56757f3853975037f10885fabfe913292f6ed35907311f05942d2d39c42ecf5
SHA512

9fcb7c562cae94bb97a580c5115d9b88035b3390b1023f3e194554d9f8056af40e076adb0805d2d251220406d9c578097aba12bdb92fc5a36b701b1034587afc
SSDEEP

24576:0Fd9KpjN8xoWlFd9KpjN8xoWXkwSH2RLuYiqPzlATjX:W3i8Go3i8GEkh+utOlAT7

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  Paypal Receipt Generator/Paypal Receipt Generator.exe
- Size
  
  181KB
- MD5
  
  61b9eec49bba7a8bb490d2454bd157c0
- SHA1
  
  babbf1514382c1f4be7ed2737c2f20eb5f0c89b5
- SHA256
  
  fa96eb021989d85864fbea80a33153a47540542b6232820b8057b73e39806186
- SHA512
  
  32bdc7fa01a639c8f9325c72d6f8b399c40a633fa20e136e7e2ac7e4498969f35c38d5c260b0ed7bb42617795f3d1de73131b4e3c7b23ccd46a4c6171fa5d6d3
- SSDEEP
  
  768:eec4lj/EePn4he/bkZJ8mwOfllGsLlRhaOty4YgpmFXw4jQI6uAf/2sbA4zyG:u4lYePOfz80GsBWOtyzgpv0G
Score

8^/10

persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1
- Target
  
  Paypal Receipt Generator/comctl32/Launcher.exe
- Size
  
  53KB
- MD5
  
  c6d4c881112022eb30725978ecd7c6ec
- SHA1
  
  ba4f96dc374195d873b3eebdb28b633d9a1c5bf5
- SHA256
  
  0d87b9b141a592711c52e7409ec64de3ab296cddc890be761d9af57cea381b32
- SHA512
  
  3bece10b65dfda69b6defbf50d067a59d1cd1db403547fdf28a4cbc87c4985a4636acfcff8300bd77fb91f2693084634d940a91517c33b5425258835ab990981
- SSDEEP
  
  768:FKtnBTTQi/YqMFlVt52ftDhKeoNzZq8OujxUu5XEAb4b9yvMzUV5:qBTUgYFveDRuFEAb4b99QV5
Score

8^/10

persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application
  persistence
behavioral2
- Target
  
  Paypal Receipt Generator/comctl32/comm.exe
- Size
  
  34KB
- MD5
  
  128f289aac451a2d4662cdc4fc6169e2
- SHA1
  
  fda55cd11c49cb4f2fde7d2fa22feec86b203547
- SHA256
  
  8936bf23cd4e748603d74386901806fe345c152801959129c26a6a6f25bfc35b
- SHA512
  
  3f1325d933910d1eda8ed2b683537791081771b4a543f1c9ce422eb6919e540168a061fd852751b6db454bae8101be3bbf60f549d30b8396e30bee8a300a5f1d
- SSDEEP
  
  384:+guXKl0xPKtzDDYNqUNf4WZH0Q8BMR1bGLgm0i/JOH/HTeX+OlL8Vsv+HJfPVbc2:+Ml0xP0MbGLH/AKCJ3VbcYJzZkurd
Score

1^/10
behavioral3

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3