b6269018ac32484bdc093a6bec324fc9aa7990104a297f55600d31bff95ed6fd | Triage

Sharing

General

Target

QEK.zip
Size

862KB
Sample

231004-tp8k6sch9t
MD5

8440700ec4ae3139e2cfa49af6cf9b33
SHA1

b030847c0c8d788dc035ee8b61419f1350982f06
SHA256

b6269018ac32484bdc093a6bec324fc9aa7990104a297f55600d31bff95ed6fd
SHA512

4b1f1c6459ff7f51dbc141a6864b71246c6a518486fb753dc1c3797e9364746a441da451159c8f67a90f0572a703b6b41eb44bafe6289f4905654b6b4b0c2128
SSDEEP

24576:a+TaOijDryUFpCmRn8rFNXf2uopYVxLfUwK8Rq2:a+DizymR8rFLWOfxZ

Score

7^/10

link pdf

Malware Config

Targets

- Target
  
  WX.pdf.lnk
- Size
  
  1KB
- MD5
  
  4081b99306478e563fcb8737ea368029
- SHA1
  
  49a54cbbd519c1a10835542f704ba174e65d078f
- SHA256
  
  77dc2c45251101c6967d9368de8750fff2c5981e5452c8539e85dfae2373703b
- SHA512
  
  6b0e0a44d8cd13af1788c961090a4b6d895f233158917f6c06521081d74cca9509882ff0fe1cc4a1dd64d5c491bced52e5f45eacef0943e993d85b1b8936eefb
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  i1v/zN/JI/eWJM/MVst/qI/1Q52/uURq/QIPJ/J4Xw/J6V/CO/bOs8/GMV/N53B/Abqd.pdf
- Size
  
  37KB
- MD5
  
  2106b4662418345d1f9b6c4520c22910
- SHA1
  
  fb263c98307a87ef9ab6c499befcf82d95c0a6e0
- SHA256
  
  88047debdd1580ec5095313e5195e9490e1029ecba31a8f870d767731e17543d
- SHA512
  
  a99042039cedfe13fc6fb67c0b59a08c7f0aeca6812a2dc60372e111f24b8bf09b2639ee1ef4214977b04c96caef5e9b92554fc81ce34d222ee47c0ef5813635
- SSDEEP
  
  768:coZHfYvmC9yQLdEisA66Now0CTjyU//Svozsg/PY67szes05XHGF/pGe/ZoCd0Cb:coZ/YO6dX1Xrfszzcml
Score

1^/10
behavioral3 behavioral4
- Target
  
  i1v/zN/JI/eWJM/MVst/qI/1Q52/uURq/QIPJ/J4Xw/J6V/CO/bOs8/GMV/N53B/bootim.exe
- Size
  
  26KB
- MD5
  
  9e65f3bf408cc580bed4ecb0d91ac58d
- SHA1
  
  1d0ecff74bbc4f1a56583773492198a84546f105
- SHA256
  
  99660e380163afbf4d66341364909f904e9695ba2872b5dc1df575498d2bd344
- SHA512
  
  dacc80ff162de5f818334c9ed6ed988459fb11caab99bc27a1b03251d2e582a425e6d93a94ac21b68b58fa7b18bfe2b75c92c1497439073a2632907b5768b719
- SSDEEP
  
  768:pq9FtEU+i2u88EoO7nwF2IDec322GBwQB:8pUuBqwFLec5GBwQB
Score

1^/10
behavioral5 behavioral6
- Target
  
  i1v/zN/JI/eWJM/MVst/qI/1Q52/uURq/QIPJ/J4Xw/J6V/CO/bOs8/GMV/N53B/xSa.log
- Size
  
  855KB
- MD5
  
  cf46f0cd591e50c425136470505e8a9e
- SHA1
  
  0e3d1488b9aa104aa0a39966132a70a47165aaef
- SHA256
  
  5a5154c5843a18d3912063b827ef541a709aec4132b847d75d7e634683acff8d
- SHA512
  
  3bddf5e233dbd8c4554c73050b0299892b7132afc1bdc67882daa309e0bf1767430aebade35977d06564f41477eeedb5840595cf2446e28d7d47d03179a1a5e4
- SSDEEP
  
  24576:v7UuAhS4VYKBOSR45LlxAh/uSLKAlr/A/cYV5fN:6/YVSulxb1AlurF
Score

3^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8