0899a17ca5fa58f63b8ac988d2f9eaa35bb136c2a1256233eed37efd0f659fd9

Sharing

Copy URL

Twitter E-mail

General

Target

0001d673fc7537fd1701e4015bf83cd3
Size

15.8MB
Sample

231229-wpbbsaeeej
MD5

0001d673fc7537fd1701e4015bf83cd3
SHA1

53fe2e82a03efdde86715b73b53a0995a4ce0dda
SHA256

0899a17ca5fa58f63b8ac988d2f9eaa35bb136c2a1256233eed37efd0f659fd9
SHA512

24e9afd09184c0c52f06c64d80208885613221656e76663140869a3b59f5a920506d335b4feb84464f89f06641a566bdafcadc1aa07256b270f4b8cc2da04318
SSDEEP

393216:sEHYE5vMSQcpQmxB/yj4Z/pF0+cOYYT5WN2Qb3:s1E5vMSDpQa1ycntt/YNtT

Score

7^/10

pdf persistence

Malware Config

Targets

- Target
  
  Lizenzvereinbarungen.pdf
- Size
  
  147KB
- MD5
  
  d0c927725da4846d7a1c6159f79079d0
- SHA1
  
  d748b66ed8bc3fa7cf1f904a86dce1be72668b84
- SHA256
  
  fc5845ac5267b5239084a66876b3285088c26301884bfb6f3c77040b0e947fab
- SHA512
  
  65eaba222617bb1e2a63b819665717fbac05873e32b1145645781e53ea81e2de7923c6eb9a96d1e1304b3a1a06ffeac0de19cb7dc4bf9add574b8dd6ceb0132e
- SSDEEP
  
  3072:8WUAxln3rYBDCK8+RrUlaR2ud1ML1mDVzbbHUALDkZo37:8W7xlnEpCrQUlavd1MLEDVznUALT
Score

1^/10
behavioral1 behavioral2
- Target
  
  VisualLocalize_Software_Maintenance_and Support_Agreement.pdf
- Size
  
  144KB
- MD5
  
  246ef29594fc3a5d2df1f45a27713820
- SHA1
  
  3c82a9d7f4e38d1ae55d09c1868be29f051c942c
- SHA256
  
  4ea9d512b390cb4eeafde4a742b082660d7e126ac0ea0ce30cb21978b059cff8
- SHA512
  
  49d1bd59859931c7c0a29f68ca77d4ff9dbab7c9ed86ece0c8b5d37707f3675846b41ca3cf92acf4bce0fc5342d39eaf1f778722c4486f6fdc62bf8604c0f3f6
- SSDEEP
  
  3072:gXiSymqrK586klRq3ltKJAfJOKoE4Df4A3ZtNk122t5gN1F7CSHAz0:WiSYrKe6k/KCeJOBFUsZtNHMGv
Score

1^/10
behavioral3 behavioral4
- Target
  
  VisualLocalize_Softwarepflegevertrag.pdf
- Size
  
  137KB
- MD5
  
  f532809eb479337f3fabf678d0ab1a03
- SHA1
  
  ee11dd7261f4f8f6977ce6c7fc74ac80961c0fd3
- SHA256
  
  0289967fb90c7cdf98f0395e8f92a0738ba1261dd66371e84c5aff0d19820175
- SHA512
  
  debea89ea86c40e8756db802f12d92c4a26647f5bab280e9e2f9cd7c8f2b908d4c05b499559746a944a7a02338409c3c8ac36f2e1af6951cdc2abb18c45ebb6d
- SSDEEP
  
  3072:eL70il0h6L73u1rrbaTEfWmNjWwBUNIZ/R+1h61OlGI:eL70iKh6nu5WO/xWwBUN6rI
Score

1^/10
behavioral5 behavioral6
- Target
  
  mdac2.6.exe
- Size
  
  5.2MB
- MD5
  
  3b2828c8d9ccb479e86588bc8d96190b
- SHA1
  
  922ac9d47b7b6bdabcc27dcb37ed728b3cba92ba
- SHA256
  
  91605f8d309ad9497621c629c712e8ea3f6408775da49910a82b94b099a990c0
- SHA512
  
  74cbaa72e5a18d7753399e3da9c96d2c8b0150c9305e22f5b51233396e0abbbfc8505dbfc9c0553faa4d4c913283ea027934e04e5b17dadf5ff12c5c86a16a3f
- SSDEEP
  
  98304:EEghw9PCtLM5hNHMRIoLdxm6WvQgq7tlqG/w9e1nmEtGTDXUNiLYDFvuWM:9ghePf1GIoLdc65gq75oA1ZoPiiGFGWM
Score

7^/10

persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral7 behavioral8
- Target
  
  msxml3usa.msi
- Size
  
  1.8MB
- MD5
  
  915f35273cb5243d45493703630e6862
- SHA1
  
  52965a6bec2bfffbcfae462d45257438484bb9c6
- SHA256
  
  aadef935cd53816bdb46d6a7faf27be0578458e74399064685af365c84b42c4a
- SHA512
  
  cb2bf65ebe6d10b4a67f8c559a018a2268ca81418d4bd26d81fc669a064fea4ea0d10babf9094eff85d67207840bbf6b49e83edd8e2ee5882786cfdf4125ce49
- SSDEEP
  
  49152:lXPZmUAl8GVcj40KY5A5cnChyIDOK2/wjsS3rRk:VqxgNKY5A5cChVKK+4ss
Score

6^/10
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral10 behavioral9
- Target
  
  setup.EXE
- Size
  
  1.4MB
- MD5
  
  aef2d7e3d5d891295d745d3b9b067d75
- SHA1
  
  0cf46d6a8bb6636844d6d3b996c979f2c4054609
- SHA256
  
  3ed26cc43ea79c77662b12c3f23b413d3ad61e453e804780486a6ad20cb98f40
- SHA512
  
  ecbc5f4decea8db39e635ba5b045f66523ef2c92fe372d76a34cf19a09f6f9b3b7c4dc323953491abe253b54f23d53af28f4ff7ad5ef02df880c6111c935a6a7
- SSDEEP
  
  24576:KFPrLPpDjh4Q4rD4X8id+0oXzCbNO5IlVi5BQWfTZllrv+0q5mNcuWVldKNK:yPr1D8D6Ld+fXzC4YAWWFlFG0qs/WV3J
Score

7^/10
- Loads dropped DLL
- Drops file in System32 directory
behavioral11 behavioral12

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Blocklisted process makes network request

Enumerates connected drives

Loads dropped DLL

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12