General
- Target: 50fa244bace65606484686c04.zip
- Size: 191KB
- Sample: 230710-qdcgtaae69
- MD5: 99adfb109eae208947fbe0f912efe8f3
- SHA1: 00ce583f6b49e0191dc857da42ecc9ee89b58998
- SHA256: 50fa244bace65606484686c0468c38c07cacf8d51dd4be774e231dc94b63371c
- SHA512: ae52ace6ac47dc2dc26b9875b1c14fa7cc30ec03309ec2a50c2965601458542fd4ed88b818a138aad2ca32d4a7a6eeb6743f92f7f056592b15a56c868faa0656
- SSDEEP: 3072:nF82mrnPNnW0Z3lXCwPhaV58b29Zi+K3OQd+D9+22Cep5og+tnGA+BIUus0bJUxT:nFezlPhCwJaV58b2pIAY22Cep5gtnGAE
Static task
- static1

Behavioral tasks
- behavioral1: Invoices.lnk (resource: win7-20230703-en)
- behavioral2: Invoices.lnk (resource: win10v2004-20230703-en)
- behavioral3: Res/TVPSkin.dll (resource: win7-20230703-en)
- behavioral4: Res/TVPSkin.dll (resource: win10v2004-20230703-en)
- behavioral5: Res/hskin.dll (resource: win7-20230703-en)
- behavioral6: Res/hskin.dll (resource: win10v2004-20230703-en)
- behavioral7: Res/tvp.exe (resource: win7-20230703-en)
Malware Config

Targets
Target: Invoices.lnk
- Size: 1KB
- MD5: cbe684367925c53f7a9026f252011724
- SHA1: ec8cf089aa811c009683c8ee4e5183750ef0452e
- SHA256: 744abbb0d8d00bc5eb058ce47ffffa971c7dbd03a9b204c67284080e99d982da
- SHA512: 7d06394b39ee7b7c9570307fd1f6349fa440ed3d21f8f1ee67ae35c9b3bacabe214b47830e498e56f2fd51f02de44ec2e1625de21abdce5af5fec69f139fdad0

- Blocklisted process makes network request
- Stops running service(s)
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Modifies file permissions
- Use of msiexec (install) with remote resource
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
Target: Res/TVPSkin.dll
- Size: 124KB
- MD5: 66759c30143666d21dd98351df325c76
- SHA1: 9091be6630ad170d15ca6a6722ce53619ac61229
- SHA256: e25b35196098206f4ea3903652eed409207a900863a4d7df5edb1c7ba1d94c93
- SHA512: c27a54bc7565db3776c18900d044925ba7e121cc3ecdf8bac02cf40559e41c280b2b0ee0871803d7c85c5d98e4b0b9ecac3ec7d32ee99b59c61632be64e928d3
- SSDEEP: 1536:GPgVjdZ5PzDpe5zgCG1DT8vzsJkRU39PvpqfHvCuv/Aaz4Isxhr2Rejvz:GPg9vdDpemCG1ezZsPvpA6uQ4QTqRw
- Score: 3/10
Target: Res/hskin.dll
- Size: 132KB
- MD5: 1de37ff829502f5cdeffd86e5ddc5351
- SHA1: 355f026d6f8c43956b8d326026038bf809f7350d
- SHA256: 3eef905a3c6b0729f2ec13924dbf51af6b5d72d256a0e8959e7bd929b7e85294
- SHA512: 78134588efd2003740c3d569d834e9dbfc45df9076bc30d7d8007dd7258f5a6f7db354ce950793e6f93f8a8d90c96cbba938864f759637bb707aa575d6485947
- SSDEEP: 1536:giS5zJfm6ifXMBNJSZw4SLM5Eauu2jebBmSCmjoJJCWueh0q:g7zmrfXNZ4mpBjjoJJCJeCq
- Score: 1/10
Target: Res/tvp.exe
- Size: 228KB
- MD5: de2052aae5a5915d09d9d1ede714865c
- SHA1: 2161a471b598ea002fc2a1cc4b65dbb8da14a88e
- SHA256: 1d3f51b33070b5b8f11c891bb160f5f737151f3a36c2e24f96c2844b089a5294
- SHA512: 914eb403bc0662266e9b00f52da192463ae782c301be5279579fe88924451fa8b38a9cc9e689499ae7240259e7c03310980f06a5f7cd1b90bda0b3948fb5d1b3
- SSDEEP: 3072:0QUurm/I/Pc1fsrHxbGL+9QD2pkIanLqf0bAadkp2guonxKzjMMDE0BB6p2wkLqj:lRrXECWDianeuonmRankL

- Blocklisted process makes network request
- Stops running service(s)
- Loads dropped DLL
- Modifies file permissions
- Use of msiexec (install) with remote resource
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2