General

  • Target

    a3ab877d98d40338fbed2374abb8e2db45a34de005089462ad124f8bca82cef0.zip.zip

  • Size

    32.7MB

  • Sample

    231107-r72jgacd32

  • MD5

    24494afd33f292006539bdd3bd909e99

  • SHA1

    cc8b0dcf91909165567ea9d3951d1647decbcde8

  • SHA256

    4713cd54e3f99c4a3187fa5df537a59fedef1b81066b7520f0e6a92e3c635672

  • SHA512

    149636852bbeb5553df2682f2015a024147c31180e9559198b6483e12884843758008c858ccc8faf164b2f5c5c6ca80ff4f7cd022e0314b4b1dcea743f375a3e

  • SSDEEP

    786432:kbY20slV7HKS8c+LkoUBLMGgYrWNh04h6EQusZ:kbY20kNq7lUNTrWNh0+6n

Malware Config

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    framework.pcsoft.fr
  • Port:
    21
  • Username:
    framework
  • Password:
    framework

Targets

    • Target

      Campus\Exe\Bon de commande mensuel Campus.xlsx

    • Size

      20KB

    • MD5

      e786b3cf3395cadbd76081501560dd3e

    • SHA1

      dfc6df3628abd5f834032498900e0c3837c099ce

    • SHA256

      9b9b821e9ad134967832af42671930111a56ae392162e9b8aed5edcbb139131b

    • SHA512

      5d2d7512d11d697bc0169661ea2d8dea9453a8a3bc72228a010de7fb4c97930aa5d32084c1ed7251580a26b030fa8ab6128d865dc7c91958ede8a65db13e213a

    • SSDEEP

      384:VxxeZbhsX7R48VtVnT330x11GVObafGDfSnq6QMda:VXsbhkbJz0x11G5a6Lda

    Score
    1/10
    • Target

      Campus\Exe\GestCampus.exe

    • Size

      1.1MB

    • MD5

      87c8fbddd953afefc364b52b3ddf9b00

    • SHA1

      f57235b52dba70329641c57d65f83f8595b3bfc5

    • SHA256

      d539a77d880ab75b57787540f771f83f97d3102230b71f84ed45e79a83a08cf7

    • SHA512

      5715a98e8ed138827e8b4456f7ec37a03dce310a73f605da282a269a57268254e60560a51c92e12dd0b8f3005309e312fa3932ac987a42b0769070e278c01deb

    • SSDEEP

      24576:udFTku72O2xY8hX6Vag8MaOs2GGNh1m2txEdFANwnOID/V15iF:EQu72frXUVaOkGNhLt+i+xbW

    Score
    10/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      Campus\Exe\GestCampus.pdf

    • Size

      682KB

    • MD5

      f9c661e9a1c382cac57343b6124a282a

    • SHA1

      72c641c74107ba9883c8683ad4e6ce5edfede802

    • SHA256

      b83ceb60d076c0568c666e581ca5d12de4db2adf6a333c778b80b3781228c0f6

    • SHA512

      7497c07153162c7d57e16901f7981b88c3f147b274054a91798f49ff8bbc1cc890918afb677edeb8ecb240f65ccc6ea6bcf38e6076d271ee5c6af2033879ae4f

    • SSDEEP

      12288:chT7baMcinqyJoLODSlRRwfo2+mm6hbm+9CiH2upBCEGSinxepw:ch3XH2LhRwAa7SMHBCEuxepw

    Score
    1/10
    • Target

      Campus\Exe\GestCampus_MAJ.exe

    • Size

      157KB

    • MD5

      8eb717b36caaa28f56f1a90220f0d007

    • SHA1

      8c6399ba74d9cff143ce8d66037a7b5bc8b7d917

    • SHA256

      c655c83d1ecdf53d05f19717e6eb943c132241ee1cc542fba4e68a8db5de399c

    • SHA512

      8ea0d6e8ec3b713d4a5967899a899c18858cda67f1b2de2b8ad5e8f62eeff66054075334725d4b1aca78e1629246b738811582bd2d86985ee3358e3943d6d265

    • SSDEEP

      3072:Lt8IM0yDla/URk68GzbH9bEKrkGpoBnkQyVwf9OFw/se1IZOumaTo/nTqLZDsSft:L3rBwXzbdbhVps/yiO+qZ4uCT4lDfX

    Score
    10/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      Campus\Exe\Intgration mensuelle.xlsx

    • Size

      8KB

    • MD5

      f0efe208702d77d5fae52e059e82b153

    • SHA1

      0ad7f258de13047dbd838b6b896327c92dd38412

    • SHA256

      22032835d8d33374ae4b15f68f807d02f698b93dbdd4177dff035c7b6224e561

    • SHA512

      7344bc30ad1114c4b6bbe3fc01079142906a2483d87ddef4d84fa582718b40205bcd62bb255ef60c6cdd8814e9d5b3beea5fcf0194618b918373cf28ba17f3d5

    • SSDEEP

      192:VxePEDuQJl23eg0ELTVnsHHXnjHuPJW4uqRLn:Vxxrg/hsX7Ryn

    Score
    1/10
    • Target

      Campus\Exe\MajHLI_CAMPUS.exe

    • Size

      254KB

    • MD5

      c6e2666f0793c8634769c261b87854ea

    • SHA1

      b7a11a87f025a8a3742232b53a3898ac939ddddf

    • SHA256

      e6904fa9af13bb3a97d1974e8ebd483edfd5186725a977d7bb2b5ef4842d9045

    • SHA512

      6244fd02bdef9dcd957c4236958b7c943fa4d855f50d29adeecb03e8d7d464b0f1e8e63d117afeea775ea343f3bcf5e809eeca14307fed52ad35d1ff37030b00

    • SSDEEP

      6144:xD32DY/PKcBk/VB1d4h9MjExfbinLuCKQDV04qDQwBSH+:xDmE/Az1dkHxf+nLuCVDUD

    Score
    7/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      Campus\Exe\ModelesExcel\Bon de commande Campus.xlsx

    • Size

      559KB

    • MD5

      ab41813ca635e12ca56922ae5ee674aa

    • SHA1

      4a99f6fed462c5e507e04f564638fe856d52e7dc

    • SHA256

      cde0e073beb6be0a75dfe289ee99dc6cbaa0200dd96b64c18d4ba6c87ec0fa6e

    • SHA512

      a89ac4c3fa9cca74118d633a463357a5a2d13c5e1d7b463a6b46e729b4314caeef880562e10ec6b45c07dadfb8586cc338b661651dd151610581852074555f34

    • SSDEEP

      12288:xc5ygzfo0aUcs1LrKSWug8YBpbdVTg0b3zzn+:6ygz/azs1LrJYBJdVFz+

    Score
    1/10
    • Target

      Campus\Exe\ModelesExcel\Bon de commande mensuel Campus.xlsx

    • Size

      20KB

    • MD5

      e786b3cf3395cadbd76081501560dd3e

    • SHA1

      dfc6df3628abd5f834032498900e0c3837c099ce

    • SHA256

      9b9b821e9ad134967832af42671930111a56ae392162e9b8aed5edcbb139131b

    • SHA512

      5d2d7512d11d697bc0169661ea2d8dea9453a8a3bc72228a010de7fb4c97930aa5d32084c1ed7251580a26b030fa8ab6128d865dc7c91958ede8a65db13e213a

    • SSDEEP

      384:VxxeZbhsX7R48VtVnT330x11GVObafGDfSnq6QMda:VXsbhkbJz0x11G5a6Lda

    Score
    1/10
    • Target

      Campus\Exe\ModelesExcel\Intgration mensuelle.xlsx

    • Size

      8KB

    • MD5

      f0efe208702d77d5fae52e059e82b153

    • SHA1

      0ad7f258de13047dbd838b6b896327c92dd38412

    • SHA256

      22032835d8d33374ae4b15f68f807d02f698b93dbdd4177dff035c7b6224e561

    • SHA512

      7344bc30ad1114c4b6bbe3fc01079142906a2483d87ddef4d84fa582718b40205bcd62bb255ef60c6cdd8814e9d5b3beea5fcf0194618b918373cf28ba17f3d5

    • SSDEEP

      192:VxePEDuQJl23eg0ELTVnsHHXnjHuPJW4uqRLn:Vxxrg/hsX7Ryn

    Score
    1/10
    • Target

      Campus\Exe\ModelesExcel\Lanceur.xla

    • Size

      40KB

    • MD5

      c442112972fc6fabc5a81600829851a7

    • SHA1

      b36a95506b279474a4fcb66c20fbacc7b0fb0815

    • SHA256

      3428916d3d610f4bdaabf1da3c49746f73cb008e1ab53b0c87a530356a233d38

    • SHA512

      aa6b4e075cb8dcf9d6f1618d088e9a4c1dac30ad2c5435d6c3a404478af37b703291fbc4ab02c88ce721999e21811b1f63e8a323c318073d9f4dcb763cb3cb30

    • SSDEEP

      384:pyhTjhjMVHbNuX9Mozax2Uhhjn22BeV5S6tk9DijJfgje5/RR1tSgeHWc/5:YsE9j02UhhjnZBXXoGst8WU5

    Score
    1/10
    • Target

      Campus\Exe\ModelesExcel\ModeleTBdyn.xls

    • Size

      63KB

    • MD5

      ede530114a79e9868f25065926d23cbe

    • SHA1

      646acc73b068fd74b6837f3a584611910e6fe7cb

    • SHA256

      5bd064d28149e0fbd18b3c2bc92f45667d862060a536712ca73491cccb828f6a

    • SHA512

      f91caca2163ff6d810169bd3ec3ed985700cd2630af14e4dcd202be4f572e9d38740759dd000c2158d54c4b798900e956e0b2606c6ffd9ba601715c66d9e72b8

    • SSDEEP

      1536:TW++vtqOzaVH+i0v0m0ZTJqUgDCi7p9DyxfMBm:TW++lzaVH+1UgDCi7p9DyxfMB

    Score
    1/10
    • Target

      Campus\Exe\ModelesExcel\OLD Bon de commande Campus.xlsx

    • Size

      330KB

    • MD5

      f61ba2da0d09962cbcf173cd76d9c452

    • SHA1

      1069ff5fa10c81f531701a52f9e17a1d85fafb13

    • SHA256

      8b4bf39d65d7c1e7b176fca1077a2e171c222624d31af845778e105368d82245

    • SHA512

      e2bd4bd525101803d698bfc621aa4f71845c63fd958122ca4f86d6d99a2cd80ec551a34f9477e20ab08798a0d82a963403e882ae3d03c9801d5fa9f678bd7d13

    • SSDEEP

      6144:LkOYRCN61LeRi7SiERv6qJQv5gDxu3SHZ1/nD9NCWxWrV/KF7uP19pIO5O:Lk9CN6VsiOvnJ7YeZJxoWc/KF7udEO5O

    Score
    1/10
    • Target

      Campus\Exe\ModelesExcel\Stocks par ouvrage.xls

    • Size

      212KB

    • MD5

      8737f2c99a9f8b825de1389b2a7d28cb

    • SHA1

      06b36477b707ad3ea78c90870329bb0ff9639be9

    • SHA256

      daf49456b267a8038f85b0acaec13f3804f3ce0a716b4f9325b8cfee7b9d37ce

    • SHA512

      b75a70ee8a103bf3f607829a26dcf4cc9bd45200e9365fd60fe6d7057dd75f5f3c66d551091530160c7b8a69a8f3a53e6a8cab3fddee4c6c461d90d57d96aba7

    • SSDEEP

      6144:3ldr6zq1g/KujEgGWR3UnfDlavxlMPArV2uxg:d

    Score
    1/10
    • Target

      Campus\Exe\ModelesExcel\SynthseEditeurs.xls

    • Size

      1.2MB

    • MD5

      cf6367e29802f139558e631cd06ae2c3

    • SHA1

      b1886895b56d4a284ea65cc625a31e8d4f47e17a

    • SHA256

      2d3f43191c3de52dcb1dc22ee6d76027dc77f826945cf4172a01bf20629fc785

    • SHA512

      1018d83a76a47a9595e51038b7d1a3ff9a082677b71edf46be610189d7856007113b30695cbb670cf395635379944ad56c985d3500394846709462fdf275a886

    • SSDEEP

      6144:nNSVDB66rzHLtn4pKBjxReKi2CETnJEH/y1mgSw78NUo9vGWPyBy5bsZ/arKKgbV:NSVVHLtuRdXH/y1T8SocWP6ZEsovQh

    Score
    1/10
    • Target

      Campus\Exe\ModelesExcel\TEST Intgration mensuelle.xlsx

    • Size

      9KB

    • MD5

      cad39b504813eff9f3ad46a2f25472da

    • SHA1

      59d089eb56b4d3987119a3169874f9d527159545

    • SHA256

      4bfcc309eb7f3e769e0e5ccc7f92a14ff00ed092a93c4793bf7b0fe9aa6c2db1

    • SHA512

      655a98b9612f247018efd419592859bcbadad807b53d0967560447fe9b4b113bfc1d8e5869cc17640f893eacb0357f3d6ae50ce8f36e91af5a686ab250313244

    • SSDEEP

      192:VxePEDuQJl23egIbT5TVnsHHXnjHuPJW05MPXqQ42ua2N8OvI:Vxxrg6hhsX7RKMPXPulBQ

    Score
    1/10
    • Target

      Campus\Exe\_Install\GestCampus.doc

    • Size

      1.7MB

    • MD5

      5843841672533c302a2d595ba5042fee

    • SHA1

      3bcc24c3c094811da9067151c13fbfe3f197a9bc

    • SHA256

      5da8d58d9aa87b09982e41d1b1895577c7e8a19ca630d17b0dc8191087414f55

    • SHA512

      b77f8d357357ed342d337d3269c51d365356b35439f7a94544d8a4bf096a083b5d78ae69926fd12c4cee3aea14163ff54f62257789cc22c8c7f7436b1cb03587

    • SSDEEP

      12288:b6H19ZfKVpglimy78V83AcInLCazfv6eCbyKzo7r:K2gieeAcAfv6eLX

    Score
    4/10

MITRE ATT&CK Enterprise v15

Tasks

static1

pdf, evasion, upx, macro, macro_on_action
Score
8/10

behavioral1

Score
1/10

behavioral2

Score
1/10

behavioral3

Score
10/10

behavioral4

Score
10/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

upx
Score
10/10

behavioral8

upx
Score
10/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

upx
Score
7/10

behavioral12

upx
Score
7/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
4/10

behavioral32

Score
1/10