General

  • Target

    invoice and packing list.7z

  • Size

    713KB

  • Sample

    230125-mvcmcshd6y

  • MD5

    d48d9b38fd7c6694faddfc56532a162f

  • SHA1

    5ea1aa18cfe7439ca327892f4b46a6a7347fb311

  • SHA256

    7ee91a4932e5cb653496cac1b636ba6ea5e301313e3c058d1c32ace08dffd96f

  • SHA512

    5faa29197f21bfcd0c31d04e5f4f2aaf7a25c808fd943b675dd5409d8c5e48f1c21b4082df211703a783697649203920415b9999c69df63b1ee35173ff588e82

  • SSDEEP

    12288:OMYJKUcJdEXAxb8JYi6en87CK8EdtfQNdAJ3EmLCsQJc+KBjwKAjZoAA+N5:O1XcJGXAxwJYipaZQXAJUu+4wKA1+s5

Malware Config

Targets

    • Target

      invoice and packing list.exe

    • Size

      863KB

    • MD5

      629650941c646616da246f363ac31b64

    • SHA1

      61c75662747d73543a4fd4ef522fa4e1d68a2123

    • SHA256

      5fd88707644b5c51752f574b44b60add5b279713e5fd1b47fe95f5cf97fa634e

    • SHA512

      f762d0d13fdaf114e6e646686e7c425c015d1cec2dc3fa2207ed51cd1c1fc8c6e16dbfd85e52ea832c16ed5aa7cdc2e23a1cf1768e7743cd116290c6d5047c67

    • SSDEEP

      24576:rVO8kyGyOMQzlG27ScBABcU9Ny6AAgZy:w8kypOMj27EcUry6Au

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Collection

Command and Control

    Credential Access

      Defense Evasion

      Execution

        Exfiltration

          Impact

            Initial Access

              Lateral Movement

                Privilege Escalation

                  Tasks