General

Target: 17012024_2140_FedEX Shipment Arrival Notification AWB Number 00117980920.img
Size: 1.9MB
Sample: 240117-qyrggagbfm
MD5: c81ea996bbc868c8f79bddfec412fc58
SHA1: f64efda79d221af24b9dd1a9ddbbd874c680e979
SHA256: c32ca257ee0c260e7dfa276c8756ca9a50ea347de5e8b1b858dd5de0f85d763c
SHA512: 108b5328dbe8f7a679b59d27195db031200c152f4adc59d3f0cc1113972d0c332adbdd55c53c8c10ec8b20168bcf8c1d0b3681c28c0ac4baa27c2c66abf3f5cb
SSDEEP: 192:zmmyxRQzfvQzrHHHHHH3HHHHHH3HHHHHH3HHHHHH3HHHHHH3HHHHHH3HHHHHHnHm:pfYz
Static task: static1

Behavioral task: behavioral1
Sample: BL#ACU240141 & Doc#HLCUBKK240124139.pdf .js
Resource: win7-20231215-en

Behavioral task: behavioral2
Sample: BL#ACU240141 & Doc#HLCUBKK240124139.pdf .js
Resource: win10v2004-20231222-en
Malware Config

Targets

Target: BL#ACU240141 & Doc#HLCUBKK240124139.pdf .js
Size: 1.4MB
MD5: 286d534eb759c671fa9e79cfafd3bc85
SHA1: d165938c1c607618c5cb6d9d11cf5b371f007ac7
SHA256: 77109ba56a5e70fafe88a10800764ec30d35727c1ff8cdb2934534ae8c7e048b
SHA512: 3b1ee1a647b623265ad7e90d786e61cafe6ca5e312676dafcc198763cf8efe3f479fb66b4aae9d1e7289ec5433055ab193ffd91abefc732e3d337d4fe987119b
SSDEEP: 192:FQzfvQzrHHHHHH3HHHHHH3HHHHHH3HHHHHH3HHHHHH3HHHHHH3HHHHHHnHHHHHHf:efYzD

Note the target name: this is a JScript (.js) file carried inside the .img above, named with a trailing ".pdf .js" so that it reads as a PDF when Explorer hides known extensions.
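The .img in the General section is the container and the .js above is the file it carries. To triage such a lure without mounting it (and so without handing it to the Windows shell at all), the following added example, which is not part of this sandbox report, lists and extracts the files inside an ISO 9660 image. It assumes the .img is ISO 9660, the usual format for mail-borne .img/.iso attachments; where a Joliet descriptor is present it is preferred, because that is where long, mixed-case names such as the one above live. The `build_image()` helper constructs a small test image so the example runs offline; its contents are made up.

```python
# Added example, not part of the sandbox report: list and extract the files in an
# ISO 9660 image (such as the .img lure above) without mounting it.
# Assumption: the .img is ISO 9660; a Joliet descriptor, if present, carries long names.
import struct

SECTOR = 2048


def _both32(v):
    """ISO 9660 'both-byte-order' 32-bit field: little-endian then big-endian."""
    return struct.pack("<I", v) + struct.pack(">I", v)


def _records(data, lba, length, joliet):
    """Yield (name, is_dir, extent_lba, size) for each entry of one directory extent."""
    off, end = lba * SECTOR, lba * SECTOR + length
    while off < end:
        rec_len = data[off]
        if rec_len == 0:                          # zero padding up to the next sector
            off = (off // SECTOR + 1) * SECTOR
            continue
        ext_lba, = struct.unpack_from("<I", data, off + 2)
        size, = struct.unpack_from("<I", data, off + 10)
        flags, id_len = data[off + 25], data[off + 32]
        raw = data[off + 33:off + 33 + id_len]
        if raw not in (b"\x00", b"\x01"):         # skip the "." and ".." entries
            name = raw.decode("utf-16-be" if joliet else "ascii").split(";")[0]  # drop ";1"
            yield name, bool(flags & 2), ext_lba, size
        off += rec_len


def list_iso(data):
    """Return {path: (extent_lba, size)} for every regular file in the image."""
    root = None
    for sec in range(16, len(data) // SECTOR):    # volume descriptor set starts at sector 16
        vd = data[sec * SECTOR:(sec + 1) * SECTOR]
        if vd[1:6] != b"CD001":
            raise ValueError("not an ISO 9660 image")
        if vd[0] == 255:                           # descriptor set terminator
            break
        joliet = vd[0] == 2 and vd[88:91] in (b"%/@", b"%/C", b"%/E")
        if (vd[0] == 1 and root is None) or joliet:    # prefer the Joliet tree
            rec = vd[156:190]                          # root directory record
            root = (struct.unpack_from("<I", rec, 2)[0], struct.unpack_from("<I", rec, 10)[0], joliet)
    if root is None:
        raise ValueError("no primary or Joliet volume descriptor")
    files, todo = {}, [("", root[0], root[1])]
    while todo:
        prefix, lba, size = todo.pop()
        for name, is_dir, ext, length in _records(data, lba, size, root[2]):
            if is_dir:
                todo.append((f"{prefix}/{name}", ext, length))
            else:
                files[f"{prefix}/{name}"] = (ext, length)
    return files


def extract(data, entry):
    """Return the bytes of one file from the (lba, size) tuple list_iso() produced."""
    lba, size = entry
    return data[lba * SECTOR:lba * SECTOR + size]


def _record(ident, lba, size, is_dir):
    """Build one directory record (ECMA-119 section 9.1); used only by build_image()."""
    body = (bytes(2) + _both32(lba) + _both32(size) + bytes(7) + bytes([2 if is_dir else 0, 0, 0])
            + struct.pack("<H", 1) + struct.pack(">H", 1) + bytes([len(ident)]) + ident)
    body += bytes(len(body) % 2)                   # records are padded to an even length
    return bytes([len(body)]) + body[1:]


def build_image(files):
    """Constructed test image (ISO 9660 + Joliet, flat root) from {name: bytes}."""
    # Layout: system area 0-15, PVD 16, Joliet SVD 17, terminator 18, primary root dir 19,
    # Joliet root dir 20, file extents from sector 21 onwards.
    entries, blobs, lba = [], [], 21
    for name, content in files.items():
        nsec = max(1, -(-len(content) // SECTOR))
        entries.append((name, lba, len(content)))
        blobs.append(content.ljust(nsec * SECTOR, b"\x00"))
        lba += nsec

    def directory(dir_lba, joliet):
        recs = _record(b"\x00", dir_lba, SECTOR, True) + _record(b"\x01", dir_lba, SECTOR, True)
        for i, (name, flba, size) in enumerate(entries):
            ident = name.encode("utf-16-be") if joliet else f"FILE{i}.BIN;1".encode()
            recs += _record(ident, flba, size, False)
        return recs.ljust(SECTOR, b"\x00")

    def descriptor(vtype, root_lba, escape=b""):
        vd = bytearray(SECTOR)
        vd[0], vd[1:6], vd[6] = vtype, b"CD001", 1
        vd[88:88 + len(escape)] = escape
        if root_lba is not None:
            vd[156:190] = _record(b"\x00", root_lba, SECTOR, True)
        return bytes(vd)

    return (bytes(16 * SECTOR) + descriptor(1, 19) + descriptor(2, 20, b"%/E") + descriptor(255, None)
            + directory(19, False) + directory(20, True) + b"".join(blobs))


if __name__ == "__main__":
    # Constructed sample: the file name is the inner sample from the report, the content is made up.
    img = build_image({"BL#ACU240141 & Doc#HLCUBKK240124139.pdf .js": b"WScript.Echo('constructed');"})
    for path, entry in list_iso(img).items():
        print(f"{entry[1]:>8}  {path}")
```

On a real attachment, read the .img into `data`, call `list_iso(data)` and `extract()` the .js for static review; if the file name that appears has a double extension like the one in this report, that alone is enough to treat the image as hostile. Images that are UDF rather than ISO 9660 will raise the "not an ISO 9660 image" error and need a different parser.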
Score: 10/10

- Blocklisted process makes network request
- Modifies Windows Firewall
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Registers COM server for autorun
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)
Numbers in parentheses are the report's hit counts per technique.

Persistence
  Create or Modify System Process (1)
    Windows Service (1)
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (2)

Privilege Escalation
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Create or Modify System Process (1)
    Windows Service (1)
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (2)