c66e705f800b30f591505be1c429c2e01b7851eb60bda14767d9d871151822e5 | Triage

Resubmissions

07/03/2024, 18:42

240307-xcfamsbf7z 8

07/03/2024, 16:34

240307-t23wfsff58 8

Sharing

General

Target

08032024_0034_Open_Document.PDF.js
Size

42KB
Sample

240307-t23wfsff58
MD5

c547de465c47116ac5b98e8c0d76ecf4
SHA1

416b551c075d9299b7d1ecd1462f4376bbbead1f
SHA256

c66e705f800b30f591505be1c429c2e01b7851eb60bda14767d9d871151822e5
SHA512

305185c5ccb6e39016d9d6e1270e7639956a9f973dc2b74cb7c01569715f19ae918c965d48ad150938e3b60c58f038d01f9bc3116a8c95d9317cae4a9e148d7d
SSDEEP

768:m6F9Zr0PxSR0He2Ut6+HgyrO/ubZQIoy7WHIcvp+EZvQAhXLNqYfDI:m6bd0ZSR0H6t6+AyOWbbTSH5vp+EZv7M

Score

8^/10

Malware Config

Targets

- Target
  
  08032024_0034_Open_Document.PDF.js
- Size
  
  42KB
- MD5
  
  c547de465c47116ac5b98e8c0d76ecf4
- SHA1
  
  416b551c075d9299b7d1ecd1462f4376bbbead1f
- SHA256
  
  c66e705f800b30f591505be1c429c2e01b7851eb60bda14767d9d871151822e5
- SHA512
  
  305185c5ccb6e39016d9d6e1270e7639956a9f973dc2b74cb7c01569715f19ae918c965d48ad150938e3b60c58f038d01f9bc3116a8c95d9317cae4a9e148d7d
- SSDEEP
  
  768:m6F9Zr0PxSR0He2Ut6+HgyrO/ubZQIoy7WHIcvp+EZvQAhXLNqYfDI:m6bd0ZSR0H6t6+AyOWbbTSH5vp+EZv7M
Score

8^/10
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2