2d7b1d385d39ef9529f8dce7d72d4002cc944639836efd1308772a8a002d5f91 | Triage

Sharing

General

Target

d370ed5c81a25eb9e9489bbfc1350503
Size

314KB
Sample

240318-n2zk5sga78
MD5

d370ed5c81a25eb9e9489bbfc1350503
SHA1

de4000abc98c9238f94a28f6a6bd2bc5a8bd1dae
SHA256

2d7b1d385d39ef9529f8dce7d72d4002cc944639836efd1308772a8a002d5f91
SHA512

78289467d52f710c2417406606802fc3e7d148d71b8c712727cac3824b211da90501c2599205f2af918ef1cc80bf9095e39055e3841dff891563b2cc3b9d3303
SSDEEP

6144:nI03T1cJ2x3xbDKLvcO0hb2cHFFRCZXMJJRVk+8477oVLuSYAD5i3tcpCwb3x:z3ZYkB6Dxsb2GkqJRVk+Co/AFwaxh

Score

7^/10

Malware Config

Targets

- Target
  
  ha_Photilla-v1.0/Photilla 1.00/photilla.exe
- Size
  
  396KB
- MD5
  
  d9b878bc03eacfad568e7bb8b4e56de4
- SHA1
  
  7d52f45bf62809078676dea7af7e95158b765461
- SHA256
  
  268d318218d2d73f020756a865f6bfa304756af757597a54c5b2567ed09bb3d9
- SHA512
  
  788bbb79551e1c7f878afe8d197667d7406286c9b9d76050cb7d9ba3bce6e434b88e032fb03a55cc5aad31a4e90499f5bbbb4f9e1626dda2efbd262464d7a8b5
- SSDEEP
  
  6144:3+7M+e5JE4xkiVexNUwA4IHk6Xa6+wdPzh4cXwei7R:3+78yo9VNH46+RcXKl
Score

1^/10
behavioral1 behavioral2
- Target
  
  ha_Photilla-v1.0/Photilla 1.00/uninst.exe
- Size
  
  400KB
- MD5
  
  e1aa743888b73afc421eb3d23af05561
- SHA1
  
  e68aa8cdba201cdb8b801b041f4083e95d1dab6f
- SHA256
  
  b7ba22071f78978b714b196b8cb1bbebfc054a5d3c34836ad61766085ea9955a
- SHA512
  
  9e8874b981aa426d69490bdf71e8d14262897f5aabdc36a93b7342d260d9631a31bda501edc0cd178f80c617fa3e04e726c825f2e696bcb84facaf0d1d0f4175
- SSDEEP
  
  6144:i+805JE4xkiVexNUwA4IHk6Xa6+wdPzh4cXwee5QWow:i+8uyo9VNH46+RcXeLow
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral3 behavioral4
- Target
  
  ha_Photilla-v1.0/Photilla 1.00/汉化说明.rtf
- Size
  
  22KB
- MD5
  
  9369fa1610033b179d935c6a7004e577
- SHA1
  
  e68fbbe81f7f9ceaa3d3c7b6d8a4dac4cca40744
- SHA256
  
  c668e7e4e53fb9e60d1f93e848e90c2988d5e3b96139dd82087cdd92ec88df0e
- SHA512
  
  b53f2342ded4c76b412100583f006506a5502fec7af58b080e858bcd97ac45f52a8cc5864a3020195105c5865dcbb045bd1d126edf0f9c44c431cc0f6e23d503
- SSDEEP
  
  192:BTdDY93rit0N1yPfyNccTN6KyzcBv//sPT6tTfRzlY6kJ3qCg9yPYaAk5kxin1tC:BTdDu9RkJ3qCgaas1tC
Score

4^/10
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6