324c0102bae77f7829b0c441875565b1f31f2e57757958a261b9fcef7345749a | Triage

Submit
Reports

Overview

overview

7

Static

static

7

Contract f...df.exe

windows10-2004-x64

7

Promotion ...p4.scr

windows10-2004-x64

7

Sharing

General

Target

vozer_promo_pass_infected.zip
Size

53KB
Sample

240412-3rqyksbc4v
MD5

5d8c03c354500fdeaea2d5969f360712
SHA1

d3a0ff8a84eda1939eb796e3d07b2a9ab7a5a0db
SHA256

324c0102bae77f7829b0c441875565b1f31f2e57757958a261b9fcef7345749a
SHA512

ce58ea5b60ec87196d54ca81f5f3024771c65106b520751ff1ffb329681c033a48bac40adb09a3e572017ddf7bb722e9cdbef207a41ec44c532f44df7529942c
SSDEEP

1536:s4ZN6iF9Ejlp4LrJHtQeCbLpdU6yWUfLeGafDNl:jL3EjlGL0ZPbwLePDNl

Score

7^/10

agilenet

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Contract for collaboration.pdf.exe

Resource

win10v2004-20240412-en

windows10-2004-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

Promotion video from Spotify.mp4.scr

Resource

win10v2004-20240412-en

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  Contract for collaboration.pdf.exe
- Size
  
  750.0MB
- MD5
  
  b1f104a15b02a9f967111a0ac5f7f379
- SHA1
  
  23043fbea3620c4b793ed3306ebedeeff06a35d7
- SHA256
  
  d95014339b85a2a95a540c97c802bea91c85241b3dd74aba7fb1f5d5e26651df
- SHA512
  
  94a7541e9a82c70791064c97cc94c75ec27362615867157e20ba62ac1b9d712bddee06b633ef48c9fde54f1778b8b29ba034beec0d05f317d4cd0b47a534fc43
- SSDEEP
  
  768:ly4GM66uNWJJG41zHClKhv5QO1IthaMolDGA3hwP:WRwJJt1OEhQO1IvY3hwP
Score

7^/10

agilenet
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
behavioral1
- Target
  
  Promotion video from Spotify.mp4.scr
- Size
  
  274.0MB
- MD5
  
  e14930dfee63889484336400c2ab909c
- SHA1
  
  29bbe527926d1347bb866112c3f350f8faf57669
- SHA256
  
  16583f2195d27d6f02d583815c4323390e0c0c14e1b6ad7a05232253ee2a2bb0
- SHA512
  
  1b45c8ce425485638713468c4702fc2a642e5e0d563814d3ae62d8bcd539661a960b9dba707cf0609eccb3dd028730713624993cf19eb0fef84cb2e891c4ba26
- SSDEEP
  
  384:m2rP+4GNW6oBohNW6xt/ssMjLeTI6Kw418lfFdFZr1AFrVPCk:m2y4GM66uNWJJG41ettOT6k
Score

7^/10

agilenet
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy