7ee91a4932e5cb653496cac1b636ba6ea5e301313e3c058d1c32ace08dffd96f | Triage

Sharing

General

Target

invoice and packing list.7z
Size

713KB
Sample

230125-mvcmcshd6y
MD5

d48d9b38fd7c6694faddfc56532a162f
SHA1

5ea1aa18cfe7439ca327892f4b46a6a7347fb311
SHA256

7ee91a4932e5cb653496cac1b636ba6ea5e301313e3c058d1c32ace08dffd96f
SHA512

5faa29197f21bfcd0c31d04e5f4f2aaf7a25c808fd943b675dd5409d8c5e48f1c21b4082df211703a783697649203920415b9999c69df63b1ee35173ff588e82
SSDEEP

12288:OMYJKUcJdEXAxb8JYi6en87CK8EdtfQNdAJ3EmLCsQJc+KBjwKAjZoAA+N5:O1XcJGXAxwJYipaZQXAJUu+4wKA1+s5

Score

7^/10

collection persistence

Malware Config

Targets

- Target
  
  invoice and packing list.exe
- Size
  
  863KB
- MD5
  
  629650941c646616da246f363ac31b64
- SHA1
  
  61c75662747d73543a4fd4ef522fa4e1d68a2123
- SHA256
  
  5fd88707644b5c51752f574b44b60add5b279713e5fd1b47fe95f5cf97fa634e
- SHA512
  
  f762d0d13fdaf114e6e646686e7c425c015d1cec2dc3fa2207ed51cd1c1fc8c6e16dbfd85e52ea832c16ed5aa7cdc2e23a1cf1768e7743cd116290c6d5047c67
- SSDEEP
  
  24576:rVO8kyGyOMQzlG27ScBABcU9Ny6AAgZy:w8kypOMj27EcUry6Au
Score

7^/10

collection persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

collectionpersistence

behavioral2

collectionpersistence