Overview

overview

8

Static

static

1

My Harmony Portal.eml

windows10-2004-x64

8

attachment-10

windows10-2004-x64

1

attachment-11

windows10-2004-x64

1

attachment-12

windows10-2004-x64

1

attachment-13

windows10-2004-x64

1

attachment-14

windows10-2004-x64

1

attachment-15

windows10-2004-x64

1

attachment-16

windows10-2004-x64

1

attachment-17

windows10-2004-x64

1

attachment-18

windows10-2004-x64

1

attachment-19

windows10-2004-x64

1

attachment-2

windows10-2004-x64

1

attachment-20

windows10-2004-x64

1

attachment-21

windows10-2004-x64

1

attachment-22

windows10-2004-x64

1

attachment-23

windows10-2004-x64

1

attachment-24

windows10-2004-x64

1

attachment-25

windows10-2004-x64

1

attachment-26

windows10-2004-x64

1

attachment-27

windows10-2004-x64

1

attachment-28

windows10-2004-x64

1

attachment-29

windows10-2004-x64

1

attachment-3

windows10-2004-x64

1

attachment-30

windows10-2004-x64

1

attachment-31

windows10-2004-x64

1

attachment-32

windows10-2004-x64

1

attachment-33

windows10-2004-x64

1

attachment-34

windows10-2004-x64

1

attachment-35

windows10-2004-x64

1

attachment-36

windows10-2004-x64

1

attachment-37

windows10-2004-x64

1

attachment-39

windows10-2004-x64

1

Sharing

Copy URL Twitter E-mail

General

  • Target

    My Harmony Portal.mhtml

  • Size

    1.3MB

  • Sample

    240409-rw6n2sch6s

  • MD5

    6b86f9dcfd437b7fb1b2bb78dd5f5a34

  • SHA1

    fc7040ec3bb42458721cb28801f67ba0d546dbb4

  • SHA256

    cf826dfe6be0c0f9d0267804e48b8287a9117644e3123cefcae9626afd4210f8

  • SHA512

    ad2f1e21681c0acc7dcc194d9a89db91b2e5f4a9b5ed963a04e72dbcbc7526fc6987a23976dd5a429f9f5a0e1938f81a2d1d27350c2fc333694514adaee92a41

  • SSDEEP

    12288:N7fr6QdJWPkCIyvMaDedf13KjPwoK5aUzP8nqHcY528sTQ:NnHdkXBedf1KF+4jE

Score
8/10
discovery

Malware Config

Targets

    • Target

      My Harmony Portal.mhtml

    • Size

      1.3MB

    • MD5

      6b86f9dcfd437b7fb1b2bb78dd5f5a34

    • SHA1

      fc7040ec3bb42458721cb28801f67ba0d546dbb4

    • SHA256

      cf826dfe6be0c0f9d0267804e48b8287a9117644e3123cefcae9626afd4210f8

    • SHA512

      ad2f1e21681c0acc7dcc194d9a89db91b2e5f4a9b5ed963a04e72dbcbc7526fc6987a23976dd5a429f9f5a0e1938f81a2d1d27350c2fc333694514adaee92a41

    • SSDEEP

      12288:N7fr6QdJWPkCIyvMaDedf13KjPwoK5aUzP8nqHcY528sTQ:NnHdkXBedf1KF+4jE

    Score
    8/10
    discovery

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

      discovery

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    behavioral1

    • Target

      attachment-10

    • Size

      1KB

    • MD5

      8e86861be0feae69f409df70762fb6c4

    • SHA1

      22056035db663a759c598f599be9c0ce30aff485

    • SHA256

      5ad7c59bf18db79f96ed656b6ac20775c0e05ddf1ee5962c03f54c0d6b77ed5a

    • SHA512

      21f3484eba52c76bd5afa32caec872522031445ea7affd873bdc2d02327c8929cb3bb39ad2b92fe101a3f4e77bc42eed864475e6fa84999a881e37a4a28e81b8

    Score
    1/10
    behavioral2

    • Target

      attachment-11

    • Size

      2KB

    • MD5

      172fefb43e39c80ab6394da3f752ab39

    • SHA1

      caea71835545dd75e573eb91dc7ff7232e5fd450

    • SHA256

      00ab3e771ab91638ed47968cb215e281cd97924d98a03970fbcb333eb1a33c7e

    • SHA512

      3c9cb2fad08208b1cca41721d33630e1299059dddf4955d224350d4c3e8099417685cfa353434ea51a8c103045bb64ca05157fdf8f586314c7c99003b1f25c1a

    Score
    1/10
    behavioral3

    • Target

      attachment-12

    • Size

      1KB

    • MD5

      fc87684ed0d98e2fe03bbc1e7eb672d0

    • SHA1

      91b895c5282aceaba86530eb873c4f647fd4201f

    • SHA256

      71da196532c85398d1a33b522473013979f07033ad099c19a36b71dfc50338b8

    • SHA512

      48dc6ba38ede43094b4195a21b6c12c19a1e66f0e78f85c494acf73530870d727c68e78cc284ed95b4855360c127f408e994a5116e9825f9a58f9c30d37b4cb5

    Score
    1/10
    behavioral4

    • Target

      attachment-13

    • Size

      2KB

    • MD5

      f8d9eba0811170480c55445e871d68e0

    • SHA1

      7bca8937fb7d40cfe2955b33b808ca7ec72289b4

    • SHA256

      815f34ee33191a7bf23e184706e1b2efd353670a3894f382458a8eef4bbd94d5

    • SHA512

      913c911d6baa0202583a6d072f1b219858cbf7117bc33d278b682606d96730eb206ecb43f8231aeb73c7df5cd250daf6118471ba969297b3371fd9e90a81628f

    Score
    1/10
    behavioral5

    • Target

      attachment-14

    • Size

      303B

    • MD5

      7372728e152ba028ee6313803cae14db

    • SHA1

      3ace1a35b1f10217b009b0bc432f74d755017673

    • SHA256

      c189b74a06bcdacb55dd729d74763b1d555c52dbba0b3f7101bc098d8c22e334

    • SHA512

      a62d2945d00b101061ae82312b95bf6e7592c4f26b10c8043d4379d8a6a03243483cc18684b0493d3e8fe875dfb3ff82347b1bce5436519d001eb80262ca76f0

    Score
    1/10
    behavioral6

    • Target

      attachment-15

    • Size

      1KB

    • MD5

      136d7e64e02900c9edc995a4641965e0

    • SHA1

      f2b6a6222f66b2644ee2d98aa5004e61297444e2

    • SHA256

      b6b15991e517191adeef7a7d5b85359c0370d24bcf21957e4d5ea69fcdf20ddf

    • SHA512

      d50ba73607c58f63a86dc987de68ded96d92b505e1a65d9826821f9c2f97497ea71ba5b8cda4a39c185253a446252ad763c7bf1fe4b8c005fedd13ae41c24888

    Score
    1/10
    behavioral7

    • Target

      attachment-16

    • Size

      585B

    • MD5

      2eae6e0ec52568e4fe5f4862ae32cd6a

    • SHA1

      d2fc31a290c3910e0f8217fcd2210ba089523d32

    • SHA256

      3469be0db2ec3f8e24929cb909e2c92ba65e9be4c5899888aac035d9e336d3fa

    • SHA512

      be769e16b2865d1875113c45451088191bec80d08d35ab2c6f43e545f66667eef19f5ab5be4df07074733978adf9ba1c66fb6ebbe5903f6eddc3044d59f44d13

    Score
    1/10
    behavioral8

    • Target

      attachment-17

    • Size

      1KB

    • MD5

      25915e3e4a31e1b8849076e4afb8cf59

    • SHA1

      d9f9b3a5aa2f7dc44b3c1a4709ac16b05cfa5167

    • SHA256

      af254c5b0f627229b03c7f534420b8d0412a5d50044df46a4842cd692ba818c5

    • SHA512

      cf1d026a09f780231c909aa03cae6605c32881c7156d2f98aa61cabc39c740ff0235884c87952c4f79cd394502a94bf4ef3926823f733d8e249cc3d6eed7e45e

    Score
    1/10
    behavioral9

    • Target

      attachment-18

    • Size

      230B

    • MD5

      b008650fae5b200f1a27f631880795ee

    • SHA1

      4cfe4b4ccb439a30d236e160180b3c2d88f2cc8b

    • SHA256

      ed015f484594a407360b2b376978a92b1378f65c453863a47d7fd0769022c54c

    • SHA512

      f68749b2e4df78b200c18a8cf8fedcf5a28aead94f81aca1b51ad6e9aa289aadbeab2d4c340f36138a52c704424d41e8912183c43782442ee91e2665a837851a

    Score
    1/10
    behavioral10

    • Target

      attachment-19

    • Size

      240B

    • MD5

      e23400a47517b9e26f7f79ac4afce074

    • SHA1

      87a7199654a69185bc491dd25a2bf4c2f8dcce0b

    • SHA256

      25b0b10254b08b81cdc0009a22a21dc7b08b35517ea872ed9d7e073b63a25161

    • SHA512

      95c14bc4431fd113fbcc4911849a699df73f05ea8887205a4f90d5dc0b436dabeab00c3d5bdae19371c8ec2cc472dc9c0fa009d4860e01a23b52ec115e776591

    Score
    1/10
    behavioral11

    • Target

      attachment-2

    • Size

      5KB

    • MD5

      e46fc42751002a49a80567ab60cf7910

    • SHA1

      ab5dd469331eab0d819e18beeb4480653692b7b2

    • SHA256

      00370a3d71e7b71de16763af808acf5740b4e653414bc9b5fdfbfe1ef1729985

    • SHA512

      5a41a56a189e076435ac6e37951c97712c646637e2d620e03545d1b59793dd10cc00fe44fa9373af45480ef57cd97092044f3cf39ed97d2be63287ab888ff533

    • SSDEEP

      96:sARf6LCD7Q18jRPK3ZuQISp8DB6mebNEGDh:3cZxk8mebNEGDh

    Score
    1/10
    behavioral12

    • Target

      attachment-20

    • Size

      157B

    • MD5

      da44b0c02b5828479a574590b62ce198

    • SHA1

      c127d531834d2f86f1f51520d10e3378375dc765

    • SHA256

      70e29af2cd817d003adc67edc06b056505d1c7383f26be62a505bc3a8dc672e0

    • SHA512

      4f9fd979667e5adf919984f164b64e274414b5a8348baee213883e68f9ef8890b25b95df771ef40bb2e1c9ce138c27b13a81771244f220d29750f2b2f8f4fb81

    Score
    1/10
    behavioral13

    • Target

      attachment-21

    • Size

      1KB

    • MD5

      2798742923c063b8d01ffb0bbf36376d

    • SHA1

      82b915eb9ee6d6cb158d750e13795266c5248521

    • SHA256

      09a180d4a622f984dc018c41834efdbdd10e982ce745e83fd341e421d215c89b

    • SHA512

      5914ed60c465a8f4235a353be754131f129f44f50e8e8b42025ca2746211846f361bd265e698a1d1ee9da7ec8b7068573e4fb53bcb04389e14bd2fc143ab0fea

    Score
    1/10
    behavioral14

    • Target

      attachment-22

    • Size

      2KB

    • MD5

      632d067887d5104c44ec860d43e94b74

    • SHA1

      822df4b5664c18bf612b5c4fd1893ec72d904c21

    • SHA256

      3636f083c292593ee4c39475ed493d5262299c1d57773fd5606b2343d4dbdc89

    • SHA512

      18800368dc8cb8ea9172f6c513f425e5902a887f6b1c4d458105a22ffa1aec54c68fb10f1e4c6cce3810d3f79696a014fd30d25d16c48a1f3a82a3cc2e193312

    Score
    1/10
    behavioral15

    • Target

      attachment-23

    • Size

      5KB

    • MD5

      70f788350e0d9331d7e169046f21ef5e

    • SHA1

      ef6535232094f83065827a6b0e92bfe096e87cad

    • SHA256

      4219b33a034a079075c66372aa1c784ffdb789e1befb2b68adfafccf94dc0706

    • SHA512

      9b54e0276275a6f3b7f7941cda210f7a0c3319663371e050f1430e3b9d03bb958848398b16ee4f271924572ace88424d504554b83c14329a8df300c30bb4c29e

    • SSDEEP

      96:t8jNTquwuK9zQVUnZ8PY8h8cJb838u8t8Z8dWd8s8Y8wc8a8iR8KR8hR8j8j8i8p:AuVnnuxWVcH2wirf5i

    Score
    1/10
    behavioral16

    • Target

      attachment-24

    • Size

      366B

    • MD5

      cf1bdadd28c11cb62768d8b504c17f8d

    • SHA1

      288ca5ff037916be4cb5aa7a99dd6075ea7ff358

    • SHA256

      dd6d850b7cf887283a3f15fac128bdcac177a9e9178710a9c8dc149d48bb3d29

    • SHA512

      ac87677dce3886961bc59890e53ff41bee40baf808d1522a96ba432a056f5bea2cbed5f32dfea3b8b46d88408be32427e9b909f70680445472fd42f36a886bd2

    Score
    1/10
    behavioral17

    • Target

      attachment-25

    • Size

      726B

    • MD5

      b411983be8e65b890b9c4a871df9c59b

    • SHA1

      2aadf65f528fcb4d450024135856921b66b2a8b3

    • SHA256

      1f774e08f776408da76bbc78197e8265342c951491a28a3239aee6318ed113a5

    • SHA512

      01d9caedc6802abd16bc555fca55a9193b12246cbf3154eeb9199065e2187f45921446e95ae99a5933311a720f3360c9e8ebaa31a76b23e5022121e6be674b42

    Score
    1/10
    behavioral18

    • Target

      attachment-26

    • Size

      4KB

    • MD5

      771f05cd1bd4222fe3746a60c6da1fc5

    • SHA1

      a60908d683345d8c291653ac8b3cabb282a262d3

    • SHA256

      58051d9fbe51780d6c712884f0ee83586a3326aabb5eb115ecfa54e8ab1dec28

    • SHA512

      44285cfd16923d58bd9bccfc010866b8cd24a0ef60be9e463cf4e536a25c2752ab7078d410e51fe0836d6faa711e58815973cf6e3fa1de3600f2a2dd2ab4218c

    • SSDEEP

      48:vqSBqBcS/Nk5+bR+M04lNcUEIcUbkbL/sl8V2aqjt6Y2xjYeZW4:vlKTVkBHUUeuQa46nlJ3

    Score
    1/10
    behavioral19

    • Target

      attachment-27

    • Size

      8KB

    • MD5

      b226d69f952f167e2bfdf201e37e6b3e

    • SHA1

      f346d9199537c243cfa650ac0e1cee867b4fdc30

    • SHA256

      40225bcdda0c2b629ca0b31b5d76655390d6142ff74a40726cfb69f59e6fd9ce

    • SHA512

      3e41c7e754023c0f82288d50f92b059385377400246846b57bc1bdab4d67c502f7b6b82b13bf92a413999742199e14c6a7438644bfd2574769838086118f6174

    • SSDEEP

      96:7APEQDtCgbNfVKX+oQA1CTEnqfAdazwNi:7APEQDtsD1CoqfAdazwNi

    Score
    1/10
    behavioral20

    • Target

      attachment-28

    • Size

      6KB

    • MD5

      1732ec75ca1b170e610d3ab0cc88ad89

    • SHA1

      2171f6097c37d9c471e6d64c11df81ee2f889536

    • SHA256

      6c9c2b82f41aed22569d8dcd03dc865fb9e83cf929c77afea2794b7ec31c1edb

    • SHA512

      401dca3f17cb4223ad3ef240337bc4e13e344b48ad17583bb9915916e28d45baf32d08844f3938a3b6927f0d11d338f0d66e4f1fbd8f8ad879a22663feaeeeb4

    • SSDEEP

      192:T4ENxtLQj0+Qj9j/jZ/bTrRE8aClZR/5pFjXQ/rkronk6wX:R3+Wrp+4

    Score
    1/10
    behavioral21

    • Target

      attachment-29

    • Size

      675B

    • MD5

      d5f7a2a4a194f033d83f5128235a2409

    • SHA1

      890d18871529b0556475aca0845b52009ac41ec2

    • SHA256

      cc1f4ae2cd9376af1cbccc39ccdc292e504be5e76f4985d780fbb182750e09cf

    • SHA512

      5abc806a4b37e22157b1c90adcada1d8753e57bf80f2635617744bb2b35c6163f26dc67a59a0925666835635e11d1cde2a798958bf34df845e7b4b6ccd6516b3

    Score
    1/10
    behavioral22

    • Target

      attachment-3

    • Size

      20B

    • MD5

      3b288788e28cac582c6ebd9a98a1f793

    • SHA1

      2c06b611a44162aa35b1a919e8827c8afe6109d0

    • SHA256

      e353cbfdb200b15ddc523e92e7b803e3ba8cadb74a5270baa3aea5b779319c98

    • SHA512

      d9ff6cdf035867e3e92f9a71577a19a4176f02b77f869bef76d5e6ed9094f629182bdcb4b72501e6f24cfb46d0ce9faa2888311b9289cceb64718ed26412f0a2

    Score
    1/10
    behavioral23

    • Target

      attachment-30

    • Size

      7KB

    • MD5

      41b3ef3049a1374c39f30603f88a942e

    • SHA1

      1c7934db6fd003147a7622b358c34457dcf7f59f

    • SHA256

      0cab771e7dc6e3a584cf32a7ca6aae1f109a51f94e2069168b0e5cf6aca9dbb9

    • SHA512

      fb7dd756b2a03948f6df9dbce1acd6fe4bb39b01d4ee97725c9f443f213abc79b0e140dcf79fdf920b1c645c6b55994bd4b011f90db62f28d6509a6806979deb

    • SSDEEP

      48:Hs336wUuxqNcNpNPVE3W4cNVOGQKg76xy9tNKE5PWNVNy2Xlueyh9SALcZtFlbjO:H036tmzN3RRxGvqXEpej5mz0swfm

    Score
    1/10
    behavioral24

    • Target

      attachment-31

    • Size

      6KB

    • MD5

      cde817bcc9c4baf28bead436cd0031d6

    • SHA1

      5d9ea9efe01b9561043f3e38acddd98f4e173775

    • SHA256

      9f80072d1db1384cb578964b3696804d2d237e39c6c3cbeb91ac96d4e47002d2

    • SHA512

      0f8cb166be45ba011756a6f054cf2c883340e74d256a77db76379fe5c1dd02d7413dfc7462620d889f5e06cdc5337da755f19bcb127fb05b7adc4737b88dd144

    • SSDEEP

      48:dcmVzsIAY+XzaDzppS2dzLvLhcklFFyCT2Z2HWNLJ+42y33NyBnrD+IYrmCsS+Nh:eXI1D2Y5yCKsHPdhMNsSzINp0Y

    Score
    1/10
    behavioral25

    • Target

      attachment-32

    • Size

      14KB

    • MD5

      0540ea7794688d8cb6298d922b29a841

    • SHA1

      1c9220b48d4286d2f086ed7dc292d674cc4afb6b

    • SHA256

      ece6ad67155effa86362e27954799b84396992e521e6c3dbdbca42869a36df8c

    • SHA512

      b7d0848648dd0717829b48bed5be8ca03810d24bf3b5f86fd01040d386ccb242a2ffdc3dc3a4c9b239dd1e3c7bd21fd9cfa1e2ecba7d68304037eadac111edbc

    • SSDEEP

      96:pzFZ8xtdvaGdyaqdhdyagayqd6a9aqlwsAWsAKl4rdYddXOKQjgZbLZMizEC3AuF:l6ylB0qDARviobLdEuO61SD8/GQNY4

    Score
    1/10
    behavioral26

    • Target

      attachment-33

    • Size

      1KB

    • MD5

      81611cfd05ac9841ab90d4f86253b271

    • SHA1

      43cad40627aa5d8ee82b331168ea185bc94a2d39

    • SHA256

      2a806e8772e89a073637877ee4daa14014eee16136820b9549de20e99c85f795

    • SHA512

      6f05be0d88946a33b409a05f8dd24fd52ebee83ee0d70cfba0dd58ba285f263e976520809b0fb4e5ef3545afbbe168088c89f09632e0ff2729fa546af3650e4b

    Score
    1/10
    behavioral27

    • Target

      attachment-34

    • Size

      3KB

    • MD5

      a91cecebd6688ebd4ff0901bc02751e7

    • SHA1

      4eb255cc1094f2aa2240218e874de5b93cec858e

    • SHA256

      03ba6eeb8db578b63f0ad4ce9d26780e17b53aeb8100d3bfc06c617e7167c08b

    • SHA512

      d7ee8feb9b212477d28d3693b8c5134e74d591e5e57c4a9c70ae671d82254b6da186b6d93a4574d06174ccb708320eb4b9dd959adaf2be6754c5a0bc0f4d7065

    Score
    1/10
    behavioral28

    • Target

      attachment-35

    • Size

      2KB

    • MD5

      a8fea834ad4eff55f033c1423264cbe0

    • SHA1

      443e05d3fc02fcfac8f4cd417070544547550b60

    • SHA256

      a690506990bbcf9e5ec641441c938b77ffa87f13ffc4ec78e2dca3ad048fd032

    • SHA512

      46c11715615162940663216e798b1e04652be68e5815d4b127e159af8925d4595ac0d9294ab07272dd6b7da15ddf951db1fc9ed991f128bcc7b6f8f513c7c703

    Score
    1/10
    behavioral29

    • Target

      attachment-36

    • Size

      3KB

    • MD5

      caf9d86f9e7dd8fd7b1ab9cd1c3ffb1d

    • SHA1

      633ceb85887f77914571c706ea97751235988323

    • SHA256

      8c3e44febefff05f26a42180268eb9d08fe4585b917880395130d9b6444fc3ca

    • SHA512

      d901a08e09d76b4d6b9fa67250f0ff3f03dce6052bd7ac23fcbae359d3bdacae8dbfda7df2d24633f1ad9210cbb02ede7741d1be8f210a92536d16b93c879620

    Score
    1/10
    behavioral30

    • Target

      attachment-37

    • Size

      3KB

    • MD5

      285129f2b66d8cea522eda3f812ea8b6

    • SHA1

      41fb0b6e05d599e7e8df2c735be27e19d67f45d0

    • SHA256

      4a14782bb7516128a36c636a8c1f33996f41175beac21da8de86fe3dd71e3bd3

    • SHA512

      15f611acb922cb3e7565f23dcd8b9becfa30cfa0a684eade81f13af65918df44185c114f08a02d07d337f3c19a5ab2aaa89b2225576ab2201a972b5e924724b5

    Score
    1/10
    behavioral31

    • Target

      attachment-39

    • Size

      559B

    • MD5

      45109ad32a77660cccd53386ec6aad3c

    • SHA1

      6f64dc31b734fba1e11f5ec648bbd3867fcf4a56

    • SHA256

      360535cdc3212995b44281f6e57e020a17e20592f8b0f8342dc80f251ded798e

    • SHA512

      48a65eef529fb18f8b0ea4ef6daaa663c131353a90288e038cd09637b148a20e709e073ddba532fa02ed5f466e75331eee157ed656fd3b4bb88173e3d44fd3c2

    Score
    1/10
    behavioral32

MITRE ATT&CK Enterprise v15

Tasks