4ce154cc8c0d952cd7364d9f295b37bb9fdf4efbed369464bbf95ba97cc7bf5d

Sharing

Copy URL

Twitter E-mail

General

Target

Office_Tool_v10.3.1.2_x86.zip
Size

10.4MB
Sample

231021-zzyfvabh97
MD5

7c8413a9e1ca1ebdd17220c34f139f57
SHA1

5379dd8c31b16cdc7296e875808043f2db1c46c4
SHA256

4ce154cc8c0d952cd7364d9f295b37bb9fdf4efbed369464bbf95ba97cc7bf5d
SHA512

693aab1ed1ef42509e2e1859e31c85b0831fabdb9b0c8e46d8e8263ecccde878883a1cb42e1bdf353f3df48e249bb9d98660f5b1fae31110d0732e8bdcd8c812
SSDEEP

196608:C1TKIKmJ8njZisZwxdHugmRHRN0cDUpDkISUCjAryJZvN1VmbHn+QTcCGHhELgRn:CpDJ8jUeUuNTRYpDkIahzF1Vxx5HhgS

Score

8^/10

Malware Config

Targets

- Target
  
  Office_Tool_v10.3.1.2_x86.zip
- Size
  
  10.4MB
- MD5
  
  7c8413a9e1ca1ebdd17220c34f139f57
- SHA1
  
  5379dd8c31b16cdc7296e875808043f2db1c46c4
- SHA256
  
  4ce154cc8c0d952cd7364d9f295b37bb9fdf4efbed369464bbf95ba97cc7bf5d
- SHA512
  
  693aab1ed1ef42509e2e1859e31c85b0831fabdb9b0c8e46d8e8263ecccde878883a1cb42e1bdf353f3df48e249bb9d98660f5b1fae31110d0732e8bdcd8c812
- SSDEEP
  
  196608:C1TKIKmJ8njZisZwxdHugmRHRN0cDUpDkISUCjAryJZvN1VmbHn+QTcCGHhELgRn:CpDJ8jUeUuNTRYpDkIahzF1Vxx5HhgS
Score

1^/10
behavioral1
- Target
  
  Office Tool/Office Tool Plus.Console.exe
- Size
  
  139KB
- MD5
  
  be8e7c8e21e4e6458fbfbf34a7620853
- SHA1
  
  fb808e44b94a9ebc9d68516492e003612871b7fd
- SHA256
  
  97febaaa6fef5e998818d685558c58c0e2820daa825fbe656909b7994d22c691
- SHA512
  
  5d3b788b61000947efa04327ffbd330630dc17dfd7bf2bbfcdaacf04dee23b92b87278c33d36cb63980c22bb78f3e6df2d5191851362e13c13d229786e3bee1f
- SSDEEP
  
  3072:j5KS66wPh5FXLbHoBqgzCMQ94W5E7S4KX2JqQaGeeU2JS7m:js6wP5q7zNm624qZQaGep8
Score

1^/10
behavioral2
- Target
  
  Office Tool/Office Tool Plus.exe
- Size
  
  5.5MB
- MD5
  
  fa5dcbda7b48daa667da90beb66fc538
- SHA1
  
  4abc5f1a6851e665230a2d09b37035c66cae2b0d
- SHA256
  
  89ca2b6d940f074e6b0c419a0a459372bc17e6cfeb208edce3749c495c915855
- SHA512
  
  b6179586fb1d5d9a191d5f19f29474758ab56fe051ffe9c1c2dfcef6ac3cb2973ed7f42b514316bc674a167a9d85e7f07a267d533f9e23595e705e878290a8de
- SSDEEP
  
  49152:2Tbb+ND1CNx4s4Kiy6+MM9D32Qz4okHP+TRa/tS4eaCPfl2cnXT12CTw:Y+d1iFDmQz4Ws/peaCV2ae
Score

8^/10
- Downloads MZ/PE file
behavioral3
- Target
  
  Office Tool/files/Thunder/MiniThunderPlatform.exe
- Size
  
  262KB
- MD5
  
  9f1d3dfac55080c712c0281fb2eeeb47
- SHA1
  
  9109f9457f811d8d0e887469ffc9c2af793e8090
- SHA256
  
  a5622e2bf46cc2ec90c4dca70372f051bfb5bf55da3788b5dfca9429529d285b
- SHA512
  
  7e2df7f2aff2d95ca1dbe0dfb7c8c9388c7e8c023c8b9af9b6997140cefcca63fe5980a438b70da03ab6672c94033fb4e50d407c54530b5ce0b9169c39c50879
- SSDEEP
  
  6144:zPH9yqri3YL1Avg3NloWPx9L8FXLOcautvT0euR:zPgqri3YL1Avg3NloWPrwXLOv9/
Score

6^/10

bootkit persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral4
- Target
  
  Office Tool/files/Thunder/atl71.dll
- Size
  
  87KB
- MD5
  
  79cb6457c81ada9eb7f2087ce799aaa7
- SHA1
  
  322ddde439d9254182f5945be8d97e9d897561ae
- SHA256
  
  a68e1297fae2bcf854b47ffa444f490353028de1fa2ca713b6cf6cc5aa22b88a
- SHA512
  
  eca4b91109d105b2ce8c40710b8e3309c4cc944194843b7930e06daf3d1df6ae85c1b7063036c7e5cd10276e5e5535b33e49930adbad88166228316283d011b8
- SSDEEP
  
  1536:kIlL9T5Xx1ogKMvw5Br7KLKLI+Xe+QnyH4Cc0tR6nGVp/VTbkE0DJ4ZwmroV:BtvBOI+FQny5R6nG//SdaZwms
Score

1^/10
behavioral5
- Target
  
  Office Tool/files/Thunder/dl_peer_id.dll
- Size
  
  89KB
- MD5
  
  dba9a19752b52943a0850a7e19ac600a
- SHA1
  
  3485ac30cd7340eccb0457bca37cf4a6dfda583d
- SHA256
  
  69a5e2a51094dc8f30788d63243b12a0eb2759a3f3c3a159b85fd422fc00ac26
- SHA512
  
  a42c1ec5594c6f6cae10524cdad1f9da2bdc407f46e685e56107de781b9bce8210a8cd1a53edacd61365d37a1c7ceba3b0891343cf2c31d258681e3bf85049d3
- SSDEEP
  
  1536:5myH1Ar4zLdIoXJED0ySFzyhSU+kcexDCaDRqxAnNQDB:foEZEDDSFzDkce7RqxAnIB
Score

1^/10
behavioral6
- Target
  
  Office Tool/files/Thunder/download_engine.dll
- Size
  
  875KB
- MD5
  
  c818df90f4eda9a4a048dd656d0a4ea7
- SHA1
  
  79d66f736df36b689ae9c3c4fd382d15f1dbcdba
- SHA256
  
  677596b043cfe0bcacf19d60ba202696b95830adecdeb2a3054fc625479623ec
- SHA512
  
  21382150e1ccf35559c1929d0fb482a9361cff869b500ceaa9c0a07928a66fa9fd28b767346877ffb02b87eea8b3e6e00f658c02243b33cd860adc288c7f600c
- SSDEEP
  
  24576:3Ong+jST5mDj6BJGOz36LAtvhb6t6x+8Bv1a:NzM3uZz368tvJ91a
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral7
- Target
  
  Office Tool/files/Thunder/msvcp71.dll
- Size
  
  492KB
- MD5
  
  a94dc60a90efd7a35c36d971e3ee7470
- SHA1
  
  f936f612bc779e4ba067f77514b68c329180a380
- SHA256
  
  6c483cbe349863c7dcf6f8cb7334e7d28c299e7d5aa063297ea2f62352f6bdd9
- SHA512
  
  ff6c41d56337cac074582002d60cbc57263a31480c67ee8999bc02fc473b331eefed93ee938718d297877cf48471c7512741b4aebc0636afc78991cdf6eddfab
- SSDEEP
  
  12288:b692dAsfQqt4oJcRYRhUgiW6QR7t5k3Ooc8iHkC2ek:bSYACJcRYe3Ooc8iHkC2e
Score

3^/10
behavioral8
- Target
  
  Office Tool/files/Thunder/msvcr71.dll
- Size
  
  340KB
- MD5
  
  ca2f560921b7b8be1cf555a5a18d54c3
- SHA1
  
  432dbcf54b6f1142058b413a9d52668a2bde011d
- SHA256
  
  c4d4339df314a27ff75a38967b7569d9962337b8d4cd4b0db3aba5ff72b2bfbb
- SHA512
  
  23e0bdd9458a5a8e0f9bbcb7f6ce4f87fcc9e47c1ee15f964c17ff9fe8d0f82dd3a0f90263daaf1ee87fad4a238aa0ee92a16b3e2c67f47c84d575768edba43e
- SSDEEP
  
  6144:cPlV59g81QWguohIP/siMbo8Crn2zzwRFMciFMNrb3YgxS3bCAO5kkG:OlVvN1QWguohInJDrn8zwNF7eCr
Score

1^/10
behavioral9
- Target
  
  Office Tool/files/preferences/de-de/settings-access-de.json
- Size
  
  57KB
- MD5
  
  ba0d877b0fcede3e5fe8dbe7a0f3fd31
- SHA1
  
  3870dddaabd5610eb5e27c4f78e018be30ef36a9
- SHA256
  
  3e730910cc1121034f7ec23cbaa3e356d612c2909b5d5e50cc02b13cd43a30e5
- SHA512
  
  f8da17bda843281fe110e76a3bac2e2da622b1f71b1eb464d6cc541b5f510b7638852836f530f40608e860eb0425411738e08156bbe1d9feca871845acfabbf7
- SSDEEP
  
  1536:9DLLwLl1OB/obxeb+sSyAvejEhNgnJn240lsB5:B2qJJ
Score

3^/10
behavioral10
- Target
  
  Office Tool/files/preferences/de-de/settings-excel-de.json
- Size
  
  220KB
- MD5
  
  97fb4098068bd8b36b235e009288b132
- SHA1
  
  6285376787dc879ff948bb009168149c0c0fc331
- SHA256
  
  b92091353582c982edf8968c6fd6ba439bb4639a4e7cc1e7a68459b60b987e2c
- SHA512
  
  221c9949db8907b0873f008bec93602c7fd3418e23d8038c7b470890fea10e912ec5b1895325eea3f8377757c47ed1aa8d8897466fa7943bb09eaf599746bfa6
- SSDEEP
  
  1536:goicE/wHUQ4CKZhogxP/SfOJUml7C9qEeb+sSLl8eCJhsngWJ3s+mkjtAVjJZxLF:HirOGlNN03Hl3zczGmxR1
Score

3^/10
behavioral11
- Target
  
  Office Tool/files/preferences/de-de/settings-office-de.json
- Size
  
  929KB
- MD5
  
  4b4e0d4b037d149d31b856663e89765c
- SHA1
  
  6b51b0836d553a57f215a3224b1a43452f6ce2f7
- SHA256
  
  1aae2976caeae662e0e445bc8d05720bbd045075a67268ae9d599c28fa9a7aca
- SHA512
  
  95a43431323d385ee2c9a26be7e3bd1e21080bfe27c2a2d13e4c6c7aa47782f0bc5ca44779b65eafde9c9c41d83d92cdbff6f4c631a147d3865c412b07ffb110
- SSDEEP
  
  6144:8NxIMTP0b6+XBcf+q+rzm0S6wYO7tNNjCbH:8NxIkHjCbH
Score

3^/10
behavioral12
- Target
  
  Office Tool/files/preferences/de-de/settings-onent-de.json
- Size
  
  71KB
- MD5
  
  61329319eab74c72a813ddfe3acdb67c
- SHA1
  
  bc852ecab5d92d5c8110634efd37625e8a0ce22b
- SHA256
  
  c2b6e4709c71b40454ce433921d1e4022e4219cb2a9d355bfad65a10cf2f57ac
- SHA512
  
  0b62b264e670c07accd1a171460e7c10d1db448a91d2e6800adea9728bf508a1cbaf880a1a58afce00c48d2f5fb90b53e4acddfc3f960895e7d3787b3b9eb571
- SSDEEP
  
  1536:DvD2FG58HgnuSPBmEeb+sSj56eOthGsMhdVhkbjZp7mOmAc+on8579CSec3vhGCQ:v25REkbX7mOmAcp8B9CxTx
Score

3^/10
behavioral13
- Target
  
  Office Tool/files/preferences/de-de/settings-outlk-de.json
- Size
  
  383KB
- MD5
  
  5b2d2adbbbf9d87d8213e1c720c9009e
- SHA1
  
  875fd437fdf8c9709973aac4fe73369b1b490554
- SHA256
  
  b6e14214798a40e2f82c214a3ac9d7e26282500b4ba1034d75c070ca52beb50d
- SHA512
  
  b28a345952633584fae548524bc58e101f1d94782c7264514be6cb1c17f99de523fb4a84db9ce0e2a9cb4aa1c5a92f49fa35650e2a66d10e392ac66410188488
- SSDEEP
  
  6144:B4GnvZpDYIXU0nSF6HjJDO8FwIxraZbPbvfEoMoz:WGnvZp1nSIFwF
Score

3^/10
behavioral14
- Target
  
  Office Tool/files/preferences/de-de/settings-ppt-de.json
- Size
  
  150KB
- MD5
  
  67c9f82fa815dd9b12534a0fbd2f3a5d
- SHA1
  
  694a9868479e9ba8cc07ac518098da5fd26cd72a
- SHA256
  
  c2f075a511b848e710adcafc6a02326afb3c728316ac2ff5a8e7a10bc6a756b5
- SHA512
  
  dee9c0e909f3495729340fe7af72ed59701fb43d305773116485e5f7fc67c2b6789083a1b6330ce4c35cdd42e3861d4e6fdaa692e2d3a61608e527ae4b341fe2
- SSDEEP
  
  1536:N/M4M2EZlVc/s37bZZsD8yDteb+sNRPKCer+h3N4g5JMwiO9eNP9oueDfZEX8wKQ:N6nR/zrA+m6RW
Score

1^/10
behavioral15
- Target
  
  Office Tool/files/preferences/de-de/settings-proj-de.json
- Size
  
  183KB
- MD5
  
  9aed4c47c73c6faa67173f9c634334af
- SHA1
  
  73b120d9d6c7746497dff2bfa00bd77d07955fdd
- SHA256
  
  86b8b2237c46831bffdb3d34aa042d40ddac73f79ead80a873e375f52a5c02e3
- SHA512
  
  d24f16e193cce9ef91f4a4c784fc2aabf86ecdd23ca08d46e2db2f64ce8b9ab2fc1c0f870a0317b4751add24c5ca85e99cde72e1aea296f85c7a03604b694445
- SSDEEP
  
  1536:0p3aC7CYlSktaqhZk0PsTPcqc2syUXuB8epYEY/6YrwGvvHTAA8fspWl/M7+IRlj:/cl/FwGvvHbjzytEFOhAfn2LQ1U/EhMm
Score

3^/10
behavioral16
- Target
  
  Office Tool/files/preferences/de-de/settings-pub-de.json
- Size
  
  27KB
- MD5
  
  74266c61663c5ac0b1ea7cb6c3568431
- SHA1
  
  58b7127f118dd86dcf37841e37c1f8779342591f
- SHA256
  
  a587a51e5858d9fc5b006929d5b5a3a4f4fef9da93370e95a2b34744d8833b56
- SHA512
  
  67c37437ce96c3e5a04567fe005ddefe8645d95339aebe2f9e12a54d9a4700d52fc775e49983291d78025eef172402e00a425f0d562d0099ff7d97901ad3770b
- SSDEEP
  
  768:VCQ5VoVqeH4Dg55LSt2NPki02U/HKYlIe1iu+xQtiClrhLetwo/Z7Ka59iDWiSXV:+QPB302cOIkNA/
Score

3^/10
behavioral17
- Target
  
  Office Tool/files/preferences/de-de/settings-visio-de.json
- Size
  
  79KB
- MD5
  
  cf5a3e082c63ae3e68954f3b4466b1c9
- SHA1
  
  78633db88fbc51037f9a1102180382af9c7e8dde
- SHA256
  
  7728e189edf0c44e9c6d3e3a8c4ea6c20666990fd3f72d07c454e87c2512afed
- SHA512
  
  1b1aacfbcd7ec98fc2ffedf4ed2ff4c93b4dd4ddf476650a87b3385d3e54c20bf84ba42a1bd680d7b341a41c33975bee59b146f38baf04b6cca5da2201dd5d91
- SSDEEP
  
  1536:B8jDjKWcZlGiug8J8UeLbD8Ki+pd6z2Fzv7OL8:1S2Z
Score

3^/10
behavioral18
- Target
  
  Office Tool/files/preferences/de-de/settings-word-de.json
- Size
  
  280KB
- MD5
  
  923a392b35acd50238ca6141e97c8ca5
- SHA1
  
  a546e7e3851bfb051373836dee09943455aefaad
- SHA256
  
  f94ca49fa57916ec9a4a24f3b2aa11311cc9ebccc29fd5f20a13fef8d054fc70
- SHA512
  
  1090c196e85464c9b6c9e36f69ca4017bb3e9f6d26f81e0b82f8bada1ba2712f4e0fd5ac800985ceccc78d2d699ab5e6b4fd5a0d6e3567ee103501d77cb0050c
- SSDEEP
  
  1536:qR+hzyIscv4cQziRRqGUF+eEWLxeRVXriYt59p40gbrd72u2ARxhBCkeb+sSHJAB:qRsLsF+yIiGqYDHn29+JA9HmRRr
Score

3^/10
behavioral19
- Target
  
  Office Tool/files/preferences/en-us/settings-access-en.json
- Size
  
  49KB
- MD5
  
  65b2795c28bf525ceeb37c9da2dc388e
- SHA1
  
  e0a9a1c3c23b92a9600ee6f398e4ec6d9adb077b
- SHA256
  
  7e6be73436127bb8e28dc0c16dce2e25d6e4d98450fc447b70065d290dfe7ad2
- SHA512
  
  637aa0081c4bf724164fbfe528514a9eb2724e49c1f0fa701158f48adae3b0c801b7298f215b3a6189273051959b338f6c5f16e46e5d35556353cb90b2beafe7
- SSDEEP
  
  1536:jFtp8ROzdhZMP9jcNwhOPeZXQKRzIz+VC:xCzdIzoC
Score

3^/10
behavioral20
- Target
  
  Office Tool/files/preferences/en-us/settings-excel-en.json
- Size
  
  192KB
- MD5
  
  9de1b03ff0beb0929bc1c0cb3e2a2d5f
- SHA1
  
  8a1b41a93951ed66102275d51db3b5ebc443cd19
- SHA256
  
  19752458024c85451c244e0741656a5507d6df2817edbe009a9ae604b91a3ac2
- SHA512
  
  f22e60cf0f6418c9075dd98d25e960d23925a077dc164ef3bb10da4554b451fa061bd3d421e919449fb60b3378c5a1e81c6fe2246c2af81e69e2cd69a18c9730
- SSDEEP
  
  1536:hSKVL/r3Wmf2l2ioluSWTuchuwCAAVhXPn0a0jTJFTlXc/UmgacOUXSAdzMpbBtT:BxRnqA5mxRK
Score

3^/10
behavioral21
- Target
  
  Office Tool/files/preferences/en-us/settings-office-en.json
- Size
  
  844KB
- MD5
  
  75a0e8c2f4b1cf8db99cf4b1031bf866
- SHA1
  
  acd52365431af708e4c95b177ed2b5f51ee863d8
- SHA256
  
  6f3d09fb37d8dfa72ece44426152cbb42261e62354d789d5ce6cfd610e88769f
- SHA512
  
  b25bbbc58e90186209fad174e04be682b41a255d9193d0634af1ebfe57bb49d0c43e49358e1b19cda1e4cc439480005617d23a22c29fe45dc43d404a27185d6a
- SSDEEP
  
  3072:RHl1Rx4G2Ndc+ymW60Jx/N2wrWhUN4Y//bd9Jp3X7JLOnd5nfW0+5GScPicUOKcE:J5xdmwd9Jp3X7JLOnd5nf1K
Score

1^/10
behavioral22
- Target
  
  Office Tool/files/preferences/en-us/settings-onent-en.json
- Size
  
  64KB
- MD5
  
  a26509c932254e3e7f856b5cdb7b3487
- SHA1
  
  49c46bf63f52d19fe53b10d27d2452c4aaa94fc7
- SHA256
  
  4bc96239b0a6bf0596de11c434089e9a5e267ec074975ee7d7e846fd884a63e8
- SHA512
  
  179a47f62145e6a63ebbe26240079aa56b4f63222f87e6f2d7c708dda76f30953a60aedadee508569314032532d14d74e6c36dc6aa520ef6fe1cfdf25d5a1926
- SSDEEP
  
  1536:+mNEztH92XHO6RGGdsVagOlwphDQCbKOP30uRshnO9fNdHqiVOqMqWAPft64XOEl:9NKH92XGH3RshnO9l9q+OqH7H7
Score

3^/10
behavioral23
- Target
  
  Office Tool/files/preferences/en-us/settings-outlk-en.json
- Size
  
  342KB
- MD5
  
  fdb03239ff3eeb408497ad266ee44a4d
- SHA1
  
  b9163420ac95774d9e875b3d89403fa6ba931731
- SHA256
  
  cedf801bbf303650bdad6acca2314917a5d601fc769d8ce9f6533dfd01d822a8
- SHA512
  
  ce388ed206c0b18529e449deb895a5fa7ffbcda9bc4028434360ddf23cb6c41eff7a648f12ec4b19cce2b944bf68ab20c2ec9c912fcc2d414a0efd845c55afab
- SSDEEP
  
  1536:KDGcAOy5pXyvJRO+1xsMPq8hUl0JlGgr3PfMs6IwrXmWS6K6en4wW3wn5FZmn1O0:nxB70CmF8Y4rOg7MdA39gW9N6tpl+nkq
Score

3^/10
behavioral24
- Target
  
  Office Tool/files/preferences/en-us/settings-ppt-en.json
- Size
  
  131KB
- MD5
  
  3f1854ec8bbd5dd57f645a6dafc7bd10
- SHA1
  
  6c1398303fc92626cdbee65a7bfebf7d208b3bc5
- SHA256
  
  eb02366cde6e0a3863a2ff60dc70104daca9e2bc3f5ab0e063354d85fe112b2f
- SHA512
  
  9be2bc6aa8b38a5f1b93c00c84b8bac0735ee1ad3389da1c6e06efae972915b7e118126fb367919d36983b80958e834539a72a2aef58065f34962ecd953f0e66
- SSDEEP
  
  1536:qj3hnX2UtdW1mX1reZahUPmVYr6F9UoHNbJS9h0ARD5zmmDhRv:qxzanpm6Rv
Score

3^/10
behavioral25
- Target
  
  Office Tool/files/preferences/en-us/settings-proj-en.json
- Size
  
  163KB
- MD5
  
  499eb6d24c6f001f19fb0c687f409ca0
- SHA1
  
  88415d4ce5376cb2832c1531de83f89e3271e7ce
- SHA256
  
  2a8745e30b7f6acf0e392b6aee34bb7a8c71bfa1969e705b4b6499c6fd68acc0
- SHA512
  
  2503e097162592b81f8c23d149bcb308d45426137135bea22978a7cd6ed2ed3c8df38af85530ab83b7ea534d795bad1ef6ceb18eb3b69bef231ed90930408c76
- SSDEEP
  
  1536:yh3GpYXKl7XkpvtUk9CuTt08CLU+yUEqXyB1EwzzMCxYhAFV3nqFkQG8wfDKp19I:nTyKChl7XR
Score

3^/10
behavioral26
- Target
  
  Office Tool/files/preferences/en-us/settings-pub-en.json
- Size
  
  24KB
- MD5
  
  a933fcd44471a8a8df97bb6df14a0861
- SHA1
  
  a3d194d22a726dd09c152544f7b2f16539726625
- SHA256
  
  568cb78de80bdf41d2ebcf6cb728cba77c2ca0bd283f5e44274a99ec5d71809e
- SHA512
  
  482ea6dc5c298a100858f52dfacff7f54beae7be32b0767d43ad9eae773d1ae39c31f2c31b456d0ad5b3445f2d8d4f1ff33fda4c9cf1bedabc2d50d91599401a
- SSDEEP
  
  768:VC8lwVAk2HAD+5+LIt29kd0IUQHwY0IP12uUxQtFCGrsLXDKn5bDDKSr1RMxK+f/:i844jJxNil/N
Score

3^/10
behavioral27
- Target
  
  Office Tool/files/preferences/en-us/settings-visio-en.json
- Size
  
  69KB
- MD5
  
  064777c678c1cc754235c8b455a4656c
- SHA1
  
  fd26a4aeb5d9d6eec1826e97310545cdfb469f25
- SHA256
  
  a3c6f8ae9d2120905bbfa86af5745c180d9c88238d0c1e3fb5105d06466baada
- SHA512
  
  5f97fbfd013d86ff5cef2bac111c7ca8a6fdc38b4e23fd421ceb608de6bb8c41f5fbd271459ace6ace813e4d1e584beae685018d00aacbb0d4b64e4f2a4bc5b1
- SSDEEP
  
  1536:Q/QwTsBJD8lDfZJPtC7rGpxgMZk9Vtke6F2y98+CVW:/Bn77W
Score

3^/10
behavioral28
- Target
  
  Office Tool/files/preferences/en-us/settings-word-en.json
- Size
  
  247KB
- MD5
  
  9cebbf89b7817bf91ce23450fbdea3e5
- SHA1
  
  60d8a8b89cfe5d5afc35adbe165bf5cdb94058c7
- SHA256
  
  f233808c563dd31999fcbdb4068afe8e5d2dbcd39ceabb8dbc3f768cc51f6e6b
- SHA512
  
  72979dd17c099968cedf8ff2ffab8f51f347f446a52edf633efa6d3d4ddc21442bc20380ee21acb663cb0f264bfebdea669e045a176b39d873941f037534c75d
- SSDEEP
  
  1536:oKwTieHsnS6W73+16H+dv0qtcZfY7Dc9Wnt/IUJK/6Rl/cVGQaog5hDP/CgpnVcv:oxsnS3+fzBtono6XfQs5mRRE
Score

3^/10
behavioral29
- Target
  
  Office Tool/files/preferences/es-es/settings-access-es.json
- Size
  
  55KB
- MD5
  
  3a6e98720a98a79185b44a65d64646ff
- SHA1
  
  35bbadba4fac577255d554eb62d24891beeeb57a
- SHA256
  
  038582948a03192ad1fab268e5facb1b17108929ee7904a0453c614837e15b11
- SHA512
  
  c2ef6b567e0f32dc7c75515fef825969367019a636c802c4a46fdb8e2edd483a32d2f2200e72a85cf957f7bcd89acb6d23bacf75c94dee991e5fed81ba193db3
- SSDEEP
  
  1536:7j8hOlUJ54bTilebmmnM7BjzhoeKQq1J+cVUCpPYgbGtHGL+gVr+rlMop:H8MeXCF6p
Score

3^/10
behavioral30
- Target
  
  Office Tool/files/preferences/es-es/settings-excel-es.json
- Size
  
  214KB
- MD5
  
  5ecd6bd3cc58139735123396a0f75980
- SHA1
  
  b91db0fb3fae83b568f24c254a510ddabc4711ce
- SHA256
  
  2bf73c0e05df7aba15b859d1aaa899e2006ca90e825ca028982ce2fd4efa853e
- SHA512
  
  21b890c8dd3037f059732fb6c78258e22dabc06443b104a40e10fb43a59df8df32ffb3e8d6796ce2c66768caae7eded1d2e55569af5df51a4e21f3acc999fec2
- SSDEEP
  
  1536:TDvtefSeuR/K3hyBv97E8U27kxGilCrpKlffWhKGmCShwnKQxXuZeMBsT+aLePv2:9eaylC+BOo4DHzj45mxRL
Score

3^/10
behavioral31
- Target
  
  Office Tool/files/setup.exe
- Size
  
  7.3MB
- MD5
  
  25faf73dfd6e6e317e0feac53d45280b
- SHA1
  
  bf5e2fcc860b4dea163280c8baf6629ccaa87ae3
- SHA256
  
  3921739750770747349e1bbd05e4a06865e8ee1553ca7063b047e11bc18b848a
- SHA512
  
  642ba912aeb997c38dcaebb254b0a8363fd83f48bebe32f282e2ef6257a2674013a50dc22f6f276483d0744d38801684f2263d7898b4522fb70987287849aebe
- SSDEEP
  
  196608:E8OU6EBTlYaphOIgJW1q1ANtR0h8K++K8XQGJP1j4caI6HMaJTtGb75:hcEBpYcqER0h8dGJP94+5
Score

5^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Downloads MZ/PE file

Writes to the Master Boot Record (MBR)

UPX packed file

Checks computer location settings

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32