Overview

overview

7

Static

static

3

WindowsCodecs.dll

windows7-x64

4

WindowsCodecs.dll

windows10-2004-x64

7

calc.cmd

windows7-x64

7

calc.cmd

windows10-2004-x64

7

war.zip

windows7-x64

1

war.zip

windows10-2004-x64

1

war.docx

windows7-x64

4

war.docx

windows10-2004-x64

1

war ... .exe

windows7-x64

7

war ... .exe

windows10-2004-x64

7

war.docx

windows7-x64

4

war.docx

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d37779e16a92da7bd05eae50c64b36e2e2022eb441382be686fda4dbd1800e90

  • Size

    538KB

  • Sample

    231201-2cndgage7y

  • MD5

    524665cc265015fcc38888f65e756f56

  • SHA1

    f17590f677f27ad46f1545de2be7c1ad133fe669

  • SHA256

    d37779e16a92da7bd05eae50c64b36e2e2022eb441382be686fda4dbd1800e90

  • SHA512

    fe0dc1fae3ff90cf06ee803e41978b7f1a411ff55a1cce06f6e6b25959a3d5405613100954133aebdd06d01c75027d910e71abe2fd9aa560fd1bd1b3db9e9cfa

  • SSDEEP

    12288:nWjOc6h5CDNT940FEPxTbS0qznfemAyAaJP36sFrkx5p7LZh:kcQDNTJFEPZBqznmmAyAah36sFgx5pZh

Score
7/10

Malware Config

Targets

    • Target

      WindowsCodecs.dll

    • Size

      10KB

    • MD5

      c7b906017453f3ce54da40a98c1a55ab

    • SHA1

      5b9121f627af1b308c31f6a4711621738b09044b

    • SHA256

      47074a6d033966d07e4587705401533ad6c5fa2b11303c520a37999337d1a1eb

    • SHA512

      51a6cc86f5968f5b6badc4283eb2405e4d6f4ff3f7e58dcd6283d81bfef56f1a0cfcdc0dc7378a3daac6ae74e2e9f5c5290a223b51d3890bfc61431988dc4180

    • SSDEEP

      96:VBFdaEA1lrAcH5ocDxoouJo4rvPhZJOu6sQRB0GyURTzSDQrO7V:LaEuZfDaJ/hEBZBcQrU

    Score
    7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

    • Target

      calc.cmd

    • Size

      1KB

    • MD5

      d457ed0b51ba58273b024d449387f162

    • SHA1

      60bf619ed079ca310a5c426d2d7ce52c5d879647

    • SHA256

      595590fdfa9618b7f7aab5b8795f9336d71c8918f60aa88dce5d4b07c7071a5a

    • SHA512

      3996849f9ca799be6d42c41ae9634e7b282fccf4a366756015e5f16b0e76c941189fd65776ef9bdf51b6faa3536bb4f0d27ec09552dd5a02834ed214d3beffcf

    Score
    7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    behavioral3behavioral4

    • Target

      war

    • Size

      79KB

    • MD5

      b66cb10e6adc64faf3269e0af489ed38

    • SHA1

      fcaf99d63fab1290c63d664c79925ee83e8193c2

    • SHA256

      8cc664ff412fc80485d0af61fb0617f818d37776e5a06b799f74fe0179b31768

    • SHA512

      4c95d0eb98af70e6f4628d638b3e24a7afb7d6c4d8f63af7026105c9cc5d53cd7e9f39fa8f0544fd7f987185d6cdfb7778be3a1b533674c438ee9ac898eec26e

    • SSDEEP

      1536:G3YdNXvfwTHcob3NcSp9e9CinEPDpyXqE45lgSBIYYdB9B1HInCVqkUAecHj:LvgTb3W0ghocXqh5O7jB9BaCsqTD

    Score
    1/10
    behavioral5behavioral6

    • Target

      war.docx

    • Size

      85KB

    • MD5

      31abd32ee945d702a092b6646b29012f

    • SHA1

      b39f30aeeaa48da28242986f895b3ce37af530c8

    • SHA256

      1f4792dadaf346969c5e4870a01629594b6c371de21f8635c95aa6aba24ef24c

    • SHA512

      fde9bbcc701155d72e92fb2657ac4ba1825ee3547c7b61a7ea1c407206927caffc34e6fd202888318ce8baafe46f88f06ad0fe3a8c881ff0c7155dafd11bd789

    • SSDEEP

      1536:JMpzt4de493JxXKIUYRQprRHRMY3OoipRWUMp96LMKDniNRW:JMVt4dR3JxXRrQXRkHNMv6LMKDniTW

    Score
    4/10
    behavioral7behavioral8

    • Target

      war .EXE

    • Size

      897KB

    • MD5

      10e4a1d2132ccb5c6759f038cdb6f3c9

    • SHA1

      42d36eeb2140441b48287b7cd30b38105986d68f

    • SHA256

      c6a91cba00bf87cdb064c49adaac82255cbec6fdd48fd21f9b3b96abf019916b

    • SHA512

      9bd44afb164ab3e09a784c765cd03838d2e5f696c549fc233eb5a69cada47a8e1fb62095568cb272a80da579d9d0e124b1c27cf61bb2ac8cf6e584a722d8864d

    • SSDEEP

      12288:MK8SOR3VRbImnDKxohj+5Q/oln46ucaOfRr5AWHeGL7GOK:MKm3MgDKGhC5GYLuca6LDod

    Score
    7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    behavioral10behavioral9

    • Target

      war.docx

    • Size

      85KB

    • MD5

      31abd32ee945d702a092b6646b29012f

    • SHA1

      b39f30aeeaa48da28242986f895b3ce37af530c8

    • SHA256

      1f4792dadaf346969c5e4870a01629594b6c371de21f8635c95aa6aba24ef24c

    • SHA512

      fde9bbcc701155d72e92fb2657ac4ba1825ee3547c7b61a7ea1c407206927caffc34e6fd202888318ce8baafe46f88f06ad0fe3a8c881ff0c7155dafd11bd789

    • SSDEEP

      1536:JMpzt4de493JxXKIUYRQprRHRMY3OoipRWUMp96LMKDniNRW:JMVt4dR3JxXRrQXRkHNMv6LMKDniTW

    Score
    4/10
    behavioral11behavioral12

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

5
T1112

Hide Artifacts

3
T1564

Hidden Files and Directories

3
T1564.001

Credential Access

Discovery

Query Registry

13
T1012

System Information Discovery

16
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks