Resubmissions

25/03/2024, 07:31

240325-jcv47saf79 8

25/03/2024, 03:43

240325-d9zk1aab3v 10

25/03/2024, 03:42

240325-d9pqssfc37 1

25/03/2024, 03:42

240325-d9fswsfc33 1

25/03/2024, 03:19

240325-dt8hzahf8y 10

25/03/2024, 03:01

240325-dh59gahd2z 10

General

  • Target

    見積依頼先_(OU)_OSAKA-2024100044-05JP·pdf.zip

  • Size

    72KB

  • Sample

    240325-jcv47saf79

  • MD5

    294f6ab446b282176aa35550e0ff0819

  • SHA1

    f0726215c4db47c14f100b16d3e97f79e0f0af6a

  • SHA256

    903ab5d44a560508bd22ad1dd43fb10e603f1cdc7478dbec70f58c772294f56c

  • SHA512

    efebd36f18658c82a7da26001c7299957e45bfed8fde14c988a0480c6da315d6c4ac90fecc33d13e7a593c2001a1035c192d59a2c78615f16b5689a37a6b2410

  • SSDEEP

    1536:vvPoG2ZaHY4GqLWkLjrbHVgxExMKcDF26vhX3S0NKqjdB5mTeQE1sNCC3LNg:vHoG/HZxL1nrRCov8zvhXi0vhB5m6s3O

Score
8/10

Targets

    • Target

      見積依頼先_(OU)_OSAKA-2024100044-05JP·pdf.vbs

    • Size

      181KB

    • MD5

      5abfcbce1f90501808379e179feb51c8

    • SHA1

      e305ee8202f579517fe0634e22346584aaf4c148

    • SHA256

      7698fb4c720a5c5810a8b80ae25ef1e6f5185e49cb151ef21937f0788276354e

    • SHA512

      616becc5031d7b1d3e0b08b86a7a90b8a354a2357fe0fafe6e0e16c094eadfea2362452e32169b32f322b2c06e11c79b6220a40c8bd46be7dde21d086c7c2a5b

    • SSDEEP

      3072:XPvtrVR7t/zhP5AbvMZoxnRcRKKh14t8EIuvQcVi1l8ok/1fyLbvj/3s0oV++hyC:/vdVR7tLhxAbvMZoxnRcsK3M8EIOQcVJ

    Score
    8/10
    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Legitimate hosting services abused for malware hosting/C2
