Overview

overview

10

Static

static

1

Victoria537.zip

windows7-x64

Victoria537.zip

windows10-2004-x64

1

Victoria53...mo.rtf

windows7-x64

4

Victoria53...mo.rtf

windows10-2004-x64

1

Victoria53...lp.rtf

windows7-x64

4

Victoria53...lp.rtf

windows10-2004-x64

1

Victoria53...ew.rtf

windows7-x64

4

Victoria53...ew.rtf

windows10-2004-x64

1

Victoria53...mo.rtf

windows7-x64

4

Victoria53...mo.rtf

windows10-2004-x64

1

Victoria53...lp.rtf

windows7-x64

4

Victoria53...lp.rtf

windows10-2004-x64

1

Victoria53...ew.rtf

windows7-x64

4

Victoria53...ew.rtf

windows10-2004-x64

10

Victoria53...mo.rtf

windows7-x64

4

Victoria53...mo.rtf

windows10-2004-x64

1

Victoria53...lp.rtf

windows7-x64

4

Victoria53...lp.rtf

windows10-2004-x64

1

Victoria53...ew.rtf

windows7-x64

4

Victoria53...ew.rtf

windows10-2004-x64

1

Victoria53...sh.lng

windows7-x64

3

Victoria53...sh.lng

windows10-2004-x64

3

Victoria53...ol.lng

windows7-x64

3

Victoria53...ol.lng

windows10-2004-x64

3

Victoria53...ne.lng

windows7-x64

3

Victoria53...ne.lng

windows10-2004-x64

3

Victoria53...й.lng

windows7-x64

3

Victoria53...й.lng

windows10-2004-x64

3

Victoria53...st.rtf

windows7-x64

4

Victoria53...st.rtf

windows10-2004-x64

1

Victoria53...ia.exe

windows7-x64

6

Victoria53...ia.exe

windows10-2004-x64

6

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Victoria537.zip

  • Size

    1MB

  • Sample

    230327-tqfxjsgc8y

  • MD5

    6f1223c60caf4053d5c68dcd62302ad8

  • SHA1

    b84319fcead5f9226f23a3e5bddb58a261ac7b9c

  • SHA256

    a66b7869d59bbf90b5994332bac57bcbc0b377cee9f0c59c078795ea7b4c99d1

  • SHA512

    8fe27d9541fd9a746a40c3777ddbd9de10b739b8bc3a21bf9d681fa23a21a3c0621070d040b2fd8246716ba8fae9ab8054acbfab410885e63b564327a4b24221

  • SSDEEP

    49152:vOOdFAN5MFWWuHNc4RPdV5JpE6t86mIVB2z:vR36rWuHNc4XV5Jpi/qB2z

Score
10/10
bootkitpersistence

Malware Config

Targets

    • Target

      Victoria537.zip

    • Size

      1MB

    • MD5

      6f1223c60caf4053d5c68dcd62302ad8

    • SHA1

      b84319fcead5f9226f23a3e5bddb58a261ac7b9c

    • SHA256

      a66b7869d59bbf90b5994332bac57bcbc0b377cee9f0c59c078795ea7b4c99d1

    • SHA512

      8fe27d9541fd9a746a40c3777ddbd9de10b739b8bc3a21bf9d681fa23a21a3c0621070d040b2fd8246716ba8fae9ab8054acbfab410885e63b564327a4b24221

    • SSDEEP

      49152:vOOdFAN5MFWWuHNc4RPdV5JpE6t86mIVB2z:vR36rWuHNc4XV5Jpi/qB2z

    Score
    1/10
    behavioral1behavioral2

    • Target

      Victoria537/Help/English/dcomemo.rtf

    • Size

      1KB

    • MD5

      b37c2599a7e0ee739136ec4342616fcd

    • SHA1

      31ee8064a1b29732a0233362e094c7439182a467

    • SHA256

      dddceee9ccbbcacfad9f4c9e04608dde42e43158985d6bebe761e2c1957d0908

    • SHA512

      2910e2ecacbf81674507eff539299384ecc881a7209bc8f0aab8faf50350bc4bf83ca741a75a868c78dd7f90da79f8a29bad46225d0fdc26d9c097c43f11054d

    Score
    4/10
    behavioral3behavioral4

    • Target

      Victoria537/Help/English/vichlp.rtf

    • Size

      144KB

    • MD5

      43fed3d6537208c280faec0ff8242692

    • SHA1

      c479f33945019328d863f1d532abd98e82282e96

    • SHA256

      fbdae514e6f648554c58d7b6c3d1f154791dfaac94223b88f7881471020e7933

    • SHA512

      c305fad223c8532bd1e087a3f144d15533bb36692a90d760226e3efc0e6c02f5559b9f1aa9ced26ff2c9f674a602f834daf4c3ca7c615377a1c2cc9eca2af4f1

    • SSDEEP

      768:3W8Cm4tbDMMtOY3GPzPMEm/OoUW1M5AbDeme63K3mmGE91DcJYjyq6yGPXeP+/I4:W5Fm2uuByxCIlZRx0

    Score
    4/10
    behavioral5behavioral6

    • Target

      Victoria537/Help/English/whatsnew.rtf

    • Size

      240KB

    • MD5

      9f5fc0015ace5bcb72d208c8cc53663a

    • SHA1

      f07ee8c118cf835963507a04e083da6bfce22658

    • SHA256

      119300ad57fe8b92c7e6cfbd0621b39d9c65833bea92d075b4f22bfc295b7f06

    • SHA512

      13121a6f53b7ed306aef686ef765ae16f6d34104402c7bb33f6c4a7080bd0234b1447b8d0afff85b3c60f59f6fbf020b498da39b762ba04bef56e51d1fbff3de

    • SSDEEP

      768:GGuuSeFet3aC1Zbufh2GHq9mSpHCpqOmao6k2QIkK/pI6vJAClZxCkIfbRithvQt:ueq/6khuXNuzn+yyxqib1bYWpxS7BH

    Score
    4/10
    behavioral7behavioral8

    • Target

      Victoria537/Help/Ukraine/dcomemo.rtf

    • Size

      3KB

    • MD5

      1464993b633f1f6b0eeab7469076a369

    • SHA1

      9bddefe8c22482bc220d93f05a62ef3a138429a3

    • SHA256

      1afe0c42931656985a5955514d49a250ee07fd2a9de67fcdd45c9f492a11abd7

    • SHA512

      6e86850cc6c8ce32b85bef6f79d03106dc369c5ec217bc4db05d3731d43ba67129452feaaf5ea4d38cb0ccfedf5f39b13d926a71830449880fb7f0299a109dda

    Score
    4/10
    behavioral10behavioral9

    • Target

      Victoria537/Help/Ukraine/vichlp.rtf

    • Size

      144KB

    • MD5

      43fed3d6537208c280faec0ff8242692

    • SHA1

      c479f33945019328d863f1d532abd98e82282e96

    • SHA256

      fbdae514e6f648554c58d7b6c3d1f154791dfaac94223b88f7881471020e7933

    • SHA512

      c305fad223c8532bd1e087a3f144d15533bb36692a90d760226e3efc0e6c02f5559b9f1aa9ced26ff2c9f674a602f834daf4c3ca7c615377a1c2cc9eca2af4f1

    • SSDEEP

      768:3W8Cm4tbDMMtOY3GPzPMEm/OoUW1M5AbDeme63K3mmGE91DcJYjyq6yGPXeP+/I4:W5Fm2uuByxCIlZRx0

    Score
    4/10
    behavioral11behavioral12

    • Target

      Victoria537/Help/Ukraine/whatsnew.rtf

    • Size

      240KB

    • MD5

      9f5fc0015ace5bcb72d208c8cc53663a

    • SHA1

      f07ee8c118cf835963507a04e083da6bfce22658

    • SHA256

      119300ad57fe8b92c7e6cfbd0621b39d9c65833bea92d075b4f22bfc295b7f06

    • SHA512

      13121a6f53b7ed306aef686ef765ae16f6d34104402c7bb33f6c4a7080bd0234b1447b8d0afff85b3c60f59f6fbf020b498da39b762ba04bef56e51d1fbff3de

    • SSDEEP

      768:GGuuSeFet3aC1Zbufh2GHq9mSpHCpqOmao6k2QIkK/pI6vJAClZxCkIfbRithvQt:ueq/6khuXNuzn+yyxqib1bYWpxS7BH

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral13behavioral14

    • Target

      Victoria537/Help/Русский/dcomemo.rtf

    • Size

      5KB

    • MD5

      190fe7511f89148f6a9a928a40e446b4

    • SHA1

      914686dffc21d193d7023f1f637f88420cb48c6a

    • SHA256

      412c444c4964149afc99a8dbf9ad7da975a81bf605c264770536438349901ad6

    • SHA512

      ec5079bf91bbc72e6937566962583c1784e9f0b7b6ce2abe9b418f23fcb7da901cbb7fed131d6db3f394d199fabb00cfb9cefedba816fe45dd810fe42701d2e0

    • SSDEEP

      96:5+DfMwJKmgUn+lZSmkODOMgtZXAjlMhTigMRJWBGUJ5zIiUGtm7c5lHLNaUthdTC:kDfM0KVU+SQgfXAjmhcxMzjtm7c5lHLW

    Score
    4/10
    behavioral15behavioral16

    • Target

      Victoria537/Help/Русский/vichlp.rtf

    • Size

      144KB

    • MD5

      43fed3d6537208c280faec0ff8242692

    • SHA1

      c479f33945019328d863f1d532abd98e82282e96

    • SHA256

      fbdae514e6f648554c58d7b6c3d1f154791dfaac94223b88f7881471020e7933

    • SHA512

      c305fad223c8532bd1e087a3f144d15533bb36692a90d760226e3efc0e6c02f5559b9f1aa9ced26ff2c9f674a602f834daf4c3ca7c615377a1c2cc9eca2af4f1

    • SSDEEP

      768:3W8Cm4tbDMMtOY3GPzPMEm/OoUW1M5AbDeme63K3mmGE91DcJYjyq6yGPXeP+/I4:W5Fm2uuByxCIlZRx0

    Score
    4/10
    behavioral17behavioral18

    • Target

      Victoria537/Help/Русский/whatsnew.rtf

    • Size

      240KB

    • MD5

      9f5fc0015ace5bcb72d208c8cc53663a

    • SHA1

      f07ee8c118cf835963507a04e083da6bfce22658

    • SHA256

      119300ad57fe8b92c7e6cfbd0621b39d9c65833bea92d075b4f22bfc295b7f06

    • SHA512

      13121a6f53b7ed306aef686ef765ae16f6d34104402c7bb33f6c4a7080bd0234b1447b8d0afff85b3c60f59f6fbf020b498da39b762ba04bef56e51d1fbff3de

    • SSDEEP

      768:GGuuSeFet3aC1Zbufh2GHq9mSpHCpqOmao6k2QIkK/pI6vJAClZxCkIfbRithvQt:ueq/6khuXNuzn+yyxqib1bYWpxS7BH

    Score
    4/10
    behavioral19behavioral20

    • Target

      Victoria537/LNG/English.lng

    • Size

      37KB

    • MD5

      1fc68fd20e3e589d8f9deb05279620b7

    • SHA1

      9cf0a22e1921ee54b2492ebb56ee184817517c23

    • SHA256

      0969ada3e06388b76778cf92287bd3f4fea90455c99c95682a33e96411ac9abc

    • SHA512

      ab9d320b0ca83f98525a104ef476c14600b4ca8f95c147f4524eae70e39a3df4f4cf83ee2e228040727fa0e7d644340da830fc7cf68573ac24a6706c9d1980e5

    • SSDEEP

      768:xhJi3x89Dbnk6/bplfotTIOj8fi/ympY89qxUGibL/RQ5QQmzCLTgrA4yyO2oVch:xhEh89DplUjBz/GSzq8bPOpVhMlKvY

    Score
    3/10
    behavioral21behavioral22

    • Target

      Victoria537/LNG/Español.lng

    • Size

      42KB

    • MD5

      9c1a4869b6be1974ffac76af96f1b4b4

    • SHA1

      ef83cdfc7f9af0f44113669cafaa2bdd7b34e340

    • SHA256

      585a86f13d2c91500ecb2afb1e6d4f81e5b00fe6b7a218a1756d04ef0f7e7697

    • SHA512

      d6420444e9e4bb4c6200ceb017e01bfa6fb3d49c955ff62d8976692f246d8124c02c261b8c715cd2f8faff48baa617d1138f4ab49d632fb2be44da484d44c1a9

    • SSDEEP

      768:51D5Jh3B8d057+dNXN1KfzHPNRe8MoRnRuyMjMDD3gpZUtcsDkrT/ZqVltrprawC:5ZE6odFN1KfbTTMuRttgYdQrT/YLtdmf

    Score
    3/10
    behavioral23behavioral24

    • Target

      Victoria537/LNG/Ukraine.lng

    • Size

      60KB

    • MD5

      378e4d25078b093e10914bcc2d678e0a

    • SHA1

      a4371b8415c04ce775d2b32db68fb14a9725a1fa

    • SHA256

      aeba810a306cb5b2d397cd1fed4e6d717ccff3b6c30e015bcefcd9f1430e8d57

    • SHA512

      ea99e2b3d93d5cee596163c83d89a5fe3a9be401543d85d4e2e76a66224eae86d32922b5e7a32e407cc2e638c13c1af67955d123bc4dfe075d5669f5f48f70cf

    • SSDEEP

      1536:BLXDxQBB/sc+/3LWdyq3rbh7fdUNqtYFOIk2c33A5fNhtSkLXf8lfL:E/sp/3idR3rblRp3alPklT

    Score
    3/10
    behavioral25behavioral26

    • Target

      Victoria537/LNG/Русский.lng

    • Size

      63KB

    • MD5

      8eb2e4625b22de5d03394ce3a157d0e6

    • SHA1

      e9fb257d4182d706daa9b52c93c363f480cf26f2

    • SHA256

      f63e61b95b254787dda221a4eef1748ac6d28c4275e919ba171cf4db29b1b41b

    • SHA512

      834dc71609666d6c78eb6dd08c483d1f90b11ca842857b3bcb50b8732d7be110b7e9fb8852a8d589ca3b176c710aa02cff2a03a400f227f1089bb511f4a4cd8e

    • SSDEEP

      1536:e3PNlADQ0xiem1Vctbai1OchsR0aXAglQrExlku:QADJiem1EbaYOKsLxlv

    Score
    3/10
    behavioral27behavioral28

    • Target

      Victoria537/USB_SupportList.rtf

    • Size

      10KB

    • MD5

      f566493c6cb084ef1360d58cf36d441d

    • SHA1

      3f9948445663723eb707fd45144fea4e13ab1434

    • SHA256

      43f3560e21418001b6aa5f319e6431d8310692899437727fe099fe580b1afeff

    • SHA512

      2c1dca1a527d69013088062e3dbd3333ad62e1e367bdccdb6f036f8fac5b784398e19023b1b9aed68ea6c6779a65004658cc5588ab9a61c75d2bf0035e6d431c

    • SSDEEP

      192:zVQ6UTi4ygQbjVfNYepa3t+qyDmN8qMGxwD9KwS8kXcFmDfpylp0ETmlojyHcPeL:6e4y16eG+q29ZS8sTp6xT2YLEmkOD2

    Score
    4/10
    behavioral29behavioral30

    • Target

      Victoria537/Victoria.exe

    • Size

      3MB

    • MD5

      613a1546bc8f67a554d2ae2b3a0873a6

    • SHA1

      acd2f871df9048e40032a6b082b5545537c313d9

    • SHA256

      fba0b7d5c042f0a13fd5b875f6f13989038ca188d6de6f505ed52bc85ac0de48

    • SHA512

      802855c9ca71b6502cf7529136e3bf67f3829e1283b67ca36e4f7e863e55c499ef8379384b13053399ab162ae7a601a906503db7a5b3bd09860d1213915dca31

    • SSDEEP

      49152:SxKLuTiHzQ6oSipy03foa6TvNn4WhFbUToml/2QWP1e3n2wkJOs5Kg5GTV8MWGo:SxK6THDS+WhSH4vP5g8MWG

    Score
    6/10
    bootkitpersistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral31behavioral32

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Modify Registry

10
T1112

Discovery

Query Registry

20
T1012

System Information Discovery

24
T1082

Peripheral Device Discovery

1
T1120

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Bootkit

1
T1067

Privilege Escalation

Tasks

static1

Score
1/10

behavioral1

Score
1/10

behavioral2

Score
1/10

behavioral3

Score
4/10

behavioral4

Score
1/10

behavioral5

Score
4/10

behavioral6

Score
1/10

behavioral7

Score
4/10

behavioral8

Score
1/10

behavioral9

Score
4/10

behavioral10

Score
1/10

behavioral11

Score
4/10

behavioral12

Score
1/10

behavioral13

Score
4/10

behavioral14

Score
10/10

behavioral15

Score
4/10

behavioral16

Score
1/10

behavioral17

Score
4/10

behavioral18

Score
1/10

behavioral19

Score
4/10

behavioral20

Score
1/10

behavioral21

Score
3/10

behavioral22

Score
3/10

behavioral23

Score
3/10

behavioral24

Score
3/10

behavioral25

Score
3/10

behavioral26

Score
3/10

behavioral27

Score
3/10

behavioral28

Score
3/10

behavioral29

Score
4/10

behavioral30

Score
1/10

behavioral31

bootkitpersistence
Score
6/10

behavioral32

bootkitpersistence
Score
6/10