fd4335687473a74e5e432753f5c1757f8ce774afcf8b5e804ffbd9b2844a520f | Triage

Sharing

General

Target

Instructions.iso.zip
Size

129KB
Sample

230306-slj8qsda25
MD5

1cd538c98efccff114e192245793ec5f
SHA1

fecbed0931e6d19d7fbc82c6d191ac1e565c891c
SHA256

fd4335687473a74e5e432753f5c1757f8ce774afcf8b5e804ffbd9b2844a520f
SHA512

f48153c7febc03e7784125efb612a5ecd6b20260da8da9d5a8c7e5550a8ebfe90df6e117416f3d9cd0e7fc148adebe0852bfc414c2e3a1a6fa05c9ad7818cbae
SSDEEP

3072:Bh+CnFUNW0wKOviI1UAXYowwUw4Io5x4rp:BECPKrylooh4Io6p

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  BUGSPLAT.DLL
- Size
  
  265KB
- MD5
  
  cf36bf564fbb7d5ec4cec9b0f185f6c9
- SHA1
  
  8eb64670c10505322d45f6114bc9f7de0826e3a1
- SHA256
  
  e957326b2167fa7ccd508cbf531779a28bfce75eb2635ab81826a522979aeb98
- SHA512
  
  39e1f522ea424e437fe97b65ea65acb08069f6a88be61503ee75224108d105bbbec7374d8013017e78efe4e4129128316e732726cd96441d6db529556716847c
- SSDEEP
  
  3072:tUEmC94lAhNLdHZS/Y1s7kNf4RqWs4e32pIYNxHaaBzpodfOYFdUq20vP0X6/q:/s/YPNfEqWKG2kHaaB2kwUq20v
Score

8^/10

persistence
- Blocklisted process makes network request
- Adds Run key to start application
  persistence
behavioral1
- Target
  
  INSTRUCT.LNK
- Size
  
  1KB
- MD5
  
  38b05aa4b5ba651ba95f7173c5145270
- SHA1
  
  01424a07b968b5659c58c6d11f32f01475921a05
- SHA256
  
  dffaefaabbcf6da029f927e67e38c0d1e6271bf998040cfd6d8c50a4eff639df
- SHA512
  
  6a04622aff5ba794d15d8516a76469ad2b81c05fa690b9c21389dcdc1ebf285d19a58ca1451c370234316f740ee4d602c188236fb74d0255ae89025d03c5f455
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2