5aa317d3682ff127e1e92d2016c08f94be60937a1b8a210876d931d072386336 | Triage

Sharing

General

Target

5aa317d3682ff127e1e92d2016c08f94be60937a1b8a210876d931d072386336.zip
Size

4.5MB
Sample

240229-f5nztafd2s
MD5

7b0100c1ecf96b4a13f5cbccd8829117
SHA1

882f6bb80d2a3aeb721614748ece69745c6e4810
SHA256

5aa317d3682ff127e1e92d2016c08f94be60937a1b8a210876d931d072386336
SHA512

58835498769ae65f463dafdadd0e0041c1509e726cfaac2e23f1d805d8015a3e78fa7437457a496ff97799ad3b1f4ae75ae5641036cdc1c91f484d522677b6dc
SSDEEP

98304:80LUwkpKdk09peb1mH9ckhoXZ+fVYkHnps:86qp6Pebg9BhoIVYkG

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  Job Interview/CoreUIComponent.dll
- Size
  
  147KB
- MD5
  
  05fcace605b525f1bece1813bb18a56c
- SHA1
  
  a3218432f34aaeabe253d07efab27bb7fff2061c
- SHA256
  
  720afa3e1216a9eb68b66858d50de0326f52afa279ef9ee0521aee98b312382f
- SHA512
  
  bcce1ea35ec0422895d7ed1ca9139ab7f695b101c2667e596dfb8d5488f695a9171df674ab2e9c8dd66f4b620fd1853caf8f4f3123acaf81a1a714b583bb009d
- SSDEEP
  
  3072:bDqLoXus3liGvU99QPCrpgZFAVpBAq9Ttne/3m48:bGLye99Qarp4+rmqNk/36
Score

1^/10
behavioral1 behavioral2
- Target
  
  Job Interview/Interview.exe
- Size
  
  582KB
- MD5
  
  ce1054d542dbd999401236f2ce20f826
- SHA1
  
  df07ed235ee93f44f4f0e4dd73f0e8af068a7791
- SHA256
  
  81716b54cb34ef6d6938c042e30c847742dcffeb8ed4e67268387fed040b9315
- SHA512
  
  efe21b9393084e098b9e3baafcd7467e25d764b70a8f34d071de9c4f3e8f1ead3974c9fe3d98152eb16dbd17e7f6bed985939d6b305441cec4ac548284c9716b
- SSDEEP
  
  12288:x1ziebuYdvx24mGeamdda+W2JyaslYC1JL9PcSCfB:x1mohzmHamuCJyasaCVP6fB
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral3 behavioral4
- Target
  
  Job Interview/LoggingPlatform.dll
- Size
  
  450KB
- MD5
  
  b54858b7357303dbd5582ea44abeeab8
- SHA1
  
  f3ba1d65f855d61dce13efbc42ce60ca8548a49c
- SHA256
  
  cc912e37802cd5c128c19949d4529e7d48266d67dd7b6dfedfd9c493d94cbe64
- SHA512
  
  b364ee1019e215c10030834cca4ca6436568e6ef25d2bee877b908bbf68f7c004559ff5317275b17c2f221c0daedbf50e11ec1bfe29c96cb61389cba75bb2295
- SSDEEP
  
  6144:q0l6+z17nzENTZ/1qZ9RQK7L342eaSmJDmPSvnjxQKhqOHTqnxm1Y3ki09t+mbTN:ayqJoZ9382tDm6vG1xDaLpJ//rpd
Score

6^/10

persistence
- Adds Run key to start application
  persistence
behavioral5 behavioral6
- Target
  
  Job Interview/UpdateRingSettings.dll
- Size
  
  377KB
- MD5
  
  9f950504d5ea22c6f1ee20f7c2ed3b7b
- SHA1
  
  5090de783322847e6395567e7449fc4200b054a5
- SHA256
  
  37253093d3c8ed1d56b3a50f31f8944888ff38b714097637c5372a0ad19c337b
- SHA512
  
  ae80c7778304140d4476d42f6ef4439c61c2ec4ff42958007b93418a53908fb516544c57e1db99b7a6d79ae501f49c46f6636d8f967b033e744feb33879e0734
- SSDEEP
  
  6144:NUlY4DS+edXqQE0jrJdi2Jnrly7IhPdZGVTQHtjM+jlxmFdNwtRx5Kg3jcCE++Jv:NU64s6QPrzi85tdX+ExMwtjcwOcS
Score

6^/10

persistence
- Adds Run key to start application
  persistence
behavioral7 behavioral8
- Target
  
  Job Interview/essential.dat
- Size
  
  4.7MB
- MD5
  
  4ed5d74a746461d3faa9f96995a1eec8
- SHA1
  
  d9d513e6ddfe9e83df4540deed3c421f80c5ec41
- SHA256
  
  23f6cefdce551431675506cb1c438feb2c66d38d1c77ebefe0fd5042e677ff80
- SHA512
  
  d9d632a337b091ce8682197fb77b29e201fbd3113d988bfa69d6c7f672e05bd958147221afdbaa1baa8269a6d35d8aca522b1011bbd32fa4485427f28dc3f0ed
- SSDEEP
  
  98304:adLUEBzjYz067yqu/mnFQOi33nFbO4KSgPTPgS8NAvKBUuYDcvwu3707iQMMvozt:aZ220JyNtjSkQYagF
Score

9^/10
- Detects executables manipulated with Fody
behavioral10 behavioral9
- Target
  
  Job Interview/msvcp140.dll
- Size
  
  438KB
- MD5
  
  a1b3963e1766c5266d94b171a4595cee
- SHA1
  
  9283a813774f2e310997ba08bca9ec96282a85d1
- SHA256
  
  0f5aeae55bf6d7b37e5582ec60bbdb93bf24adf648f9fa342cdba1b0a754e403
- SHA512
  
  ef0a3cb33902eb0dd3d80b688f5e23b4192ebafb131b30c56f27221412daf72b40c3e17670ec1ca8209775369f93bf66a3a75ae5acff45e629e732464d3972b8
- SSDEEP
  
  12288:vEPa9C9VbL+3Omy5CvyOvzeOKaqhUgiW6QR7t5s03Ooc8dHkC2esGgWxX:vEPa90Vbky5CvyUeOKg03Ooc8dHkC2ez
Score

3^/10
behavioral11 behavioral12
- Target
  
  Job Interview/secur32.dll
- Size
  
  54KB
- MD5
  
  f58e0dfb8f915fa5ce1b7ca50c46b51b
- SHA1
  
  9acb977f13fce7ec38275887ddbbc0f42532e907
- SHA256
  
  90fa29cc98be1d715df26d22079bdb8ce1d1fd3ce6a4efb39a4c192134e01020
- SHA512
  
  4ebab09c4319c4604e7dad00f669e572ecf79d9db74a1a6f6ad833ea4be2ce3ead1548196a9b15a052ad006af28afa2005bd5523b8215e1f51fce9671a73580d
- SSDEEP
  
  768:rC8sPHjgxRIO5h7Ji10Ed4WKn84n2ZePq+RTdFvnM+cmVqDj64Bj:ri/Mf7oiEdXKn84n2ad/vbcmVWjXBj
Score

6^/10

persistence
- Adds Run key to start application
  persistence
behavioral13 behavioral14
- Target
  
  Job Interview/vcruntime140.dll
- Size
  
  77KB
- MD5
  
  f686e2331a83d20798cfc2734729e531
- SHA1
  
  c7e6398f5a735039baabf22712c5a8aee5a945e1
- SHA256
  
  535f74f446a1b7b53da24a742d02369cbcc609003a6b4a8175491aa71c5481b4
- SHA512
  
  30ea339ec845dbc9aa7b323ed25e516cb04f3e17789cd28f54646c82395f0b42eb4a5d4d4aa06c4d39b9602c37590b31ca5c0bfa22a514a73ec45e39c0d8e31a
- SSDEEP
  
  1536:l9W/j2886xv555et/MCsjw0BuRK3jteopUecbAdz86k+P8iB:l9W/j28V55At/zqw+IqLUecbAdz8gP8e
Score

3^/10
behavioral15 behavioral16

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16