90c690de80f813032dc1d04fe340580509d5d33a0ed55834da57da084e9129df | Triage

Sharing

Copy URL Twitter E-mail

General

Target

CRVL_DIGITAL_PDF_172229230.zip
Size

1KB
Sample

240220-fzcplabg2s
MD5

d87cd84e27ab1c5fce3a98d72c2f9dfa
SHA1

58ff973d20ed7997f988374a007aa4f2d19bf575
SHA256

90c690de80f813032dc1d04fe340580509d5d33a0ed55834da57da084e9129df
SHA512

a3600138e3cf1c3106155cccd1aafffda56ccfdb348d9fa56b0ac55d0eba659940579a07a9a836743e598ac7fddf853fd34b4f71eaae3593d2a0e49fdd43dbe5

Score

8^/10

Malware Config

Targets

- Target
  
  CRVL_DIGITAL_PDF_172229230.lnk
- Size
  
  1020B
- MD5
  
  5b6ec02bfbe7331f09395a7c467ced13
- SHA1
  
  66f83151cf13256c3027ad6fd59452b6036b40d3
- SHA256
  
  96dc3568939a1f35a045108b3d417c5512341e592d0639d0c1f0efe21da76162
- SHA512
  
  8eaa277c5c99a77c81b6df353499206e6efc668199a4bc5a4159ca0723bc1e9af919471996f0d4f7271c492ca6871d41707e5ac4506eac77bff7af3c5b39f819
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2