General

  • Target: Boeing 787.zip
  • Size: 412.4MB
  • Sample: 240503-wtql9sfg33
  • MD5: e9fbe3cd9a9f0afc00a44a4c59ccb962
  • SHA1: c974a398162697f0446e50f5bdeec594cb04d67c
  • SHA256: 3bee6792d2c1ba60c766ad95c39acfb91b735886a3b59b7cc49e08c7f41a9506
  • SHA512: 39469df5e31005f6a1f7bd52feaf2eee16d4da099f80740348243d75f32373e57833667b7f7bca2bb32e11d4e9bf0152939567e0d19aebce89ec998099a52386
  • SSDEEP: 12582912:bdirTABbH/aFR+vnUxmZZfqdMAoCOvGBdkV/vzwz97GQB5:x9OGUxmZRw6ek8J7PB5

Malware Config

Targets

    • Target: Boeing 787/Aviator's Edition Manual.pdf
    • Size: 1.8MB
    • MD5: 7ce7418b0f103e388abafa4f84eebf80
    • SHA1: cba7dd146607b968c7748634bbf3e68d20283e7a
    • SHA256: b94f8422333fc46df14ebf9902c4400466ea2c6d61c85acf7ccb618de57fd0fb
    • SHA512: c7b1a7360692f812cbe4b5c69c4d177b971742814f092e101f73c7c9311aaa9872d203c1d353da5d8a1170a367d30b118b8d7d6bcaca1da82ea37a08351d8752
    • SSDEEP: 24576:he6XRPwW6VOMlaM+teVoBVhqdRA3yrB3ZqjM8GrXb0PUqsjonAkwJLJSI:hhwQMR+MVcoRPBJqj+XbQUVDJ1SI
    • Score: 1/10

    • Target: Boeing 787/plugins/FMC/64/javaUDP/startApp.bat
    • Size: 122B
    • MD5: ea9fca63680c22e9e36ef95a5b561cde
    • SHA1: 1f81fb7549cd84a192e9e8572226973b72263e71
    • SHA256: bc66ea368417515dab0791ac6a05f9f2b1784daecb018606aa7a7ec81c3c3d79
    • SHA512: 55fc7cc2ce91730a9663f205068790a70f604ae80def3d3767ee77deb25f4ba2048e5b95d563eca4c7ea10187c69214e486fa36078ab9b0394b8283af56642ab
    • Score: 7/10

    • Target: Boeing 787/plugins/FMC/64/javaUDP/udpConnect.jar
    • Size: 54.9MB
    • MD5: d207ee54d93501fc68ea5c390effe456
    • SHA1: 114dc9add5c7aac2e9f3fe351e34cef609d5678a
    • SHA256: 766d18481b3deab5f9f5ea76c92917797d40a9d62b291cef8f6979a4abfc4255
    • SHA512: a6f54664157d73d9e35d3ac4a84488ff0d482072cf0f55068bc5ab87547a6393db0cd7f72460fc394f601ddbe03fbd0ce7585e1d57afb6b54cba99cae9ed3d7d
    • SSDEEP: 1572864:FmmmEtbwzmbyGevHAi3M9mmEIWv/m0vdzi3oH:PmEt6FGo5mE3OINi3oH
    • Score: 7/10

    • Target: Boeing 787/plugins/FMC/64/ucrtbase.dll
    • Size: 977KB
    • MD5: 9b39d1b563ffdeef3bbfbc39c599b232
    • SHA1: 1269908ba079004db4501d36bb2809e1b2a522a4
    • SHA256: ef7a69e4c871ebaa4ea4144e42385672cebe02f8fc5451931d43e6bb87b5ceaf
    • SHA512: 4359aab0182a5ef34cc12e5598ad3a671a1acdbb4a8a8108dbf8bc868c021e02eb00c6bb9ac4446ec21858fa7cb0532b95c3218f4db9fcf46b0bff8552ff56b0
    • SSDEEP: 24576:IKyD7Jupdvutjp4njVKNhHeV74Vnc8TYRrmxvSZX0ypv7:IKyJupdv6+juHeV8If7
    • Score: 1/10

    • Target: Boeing 787/plugins/FMC/64/win.xpl
    • Size: 444KB
    • MD5: ad471e2ddb28242be70d7de6f63f7af0
    • SHA1: 82b4998a648835876b8a376f19da5b9a433b5fdc
    • SHA256: 5601a3eda1d956794aa49d076f3abfa276e9d4d7fab05d9090a664385f5165a9
    • SHA512: acb4e82957d604aa76926da156ab98d02519382e39694f2d1432805624fb1512ed0a78a8ec9a3432e0378608b548cbdcd8cce048f282d97a94d5c113805fba27
    • SSDEEP: 6144:nc0slV0+xkxfjQmAKL0HPE/+QBq3avn5vU0L4DetQYjmohxGJ8y:nclx80HWgkx3ao+C
    • Score: 1/10

    • Target: Boeing 787/plugins/SASL/64/lin.xpl
    • Size: 10.9MB
    • MD5: d435d6e11c41a2b01089215d06d0c0d0
    • SHA1: 3da6265586ee1e7d223ca249eb74eacdcba31167
    • SHA256: 6db95f1a8f51cb186d29de32970f26a78bd859301de3911f679fb7c8aa98b34f
    • SHA512: 0c53d987f2ad29559afc00b6ca16078c4401fd6609dcdfcb2e62799e16cda2bd5c01c652043035250edea68658626b89bbb00d748e0320d63596cd13ff735722
    • SSDEEP: 98304:MV0cyxac7dRpmthB/Mipbfe9WjKBU0nAndXThErPNbtQ3kxdj0pvX5M9QJuhCmkk:MV0cyDp05uovJM9QJYo0Rg12J4M7e4d3
    • Score: 1/10

    • Target: Boeing 787/plugins/SASL/64/win.xpl
    • Size: 6.8MB
    • MD5: 56f0f7528b9511403da1e854340fdc86
    • SHA1: 835462c2a11547ad5fcc2d26cb84c2c7896f5deb
    • SHA256: edf8a896238d25624153b381b162ecb6052bdd0662201f2bcdf98532ccb05ab5
    • SHA512: 66765c10bb71be88eb8741e760882e3338cefa2cf904b215f7f6476e97fbbc6ea9c7faf20ebb93424587af81df896464b6abb6992f1c6bfc5cf32438c13f365f
    • SSDEEP: 196608:Po5eURr0+w+WRI6JTOUg0E8FuuDI0FJeCKGXTgVKnZ/6Dl+2ERSSDwQJvEzod3Mu:Po5eURr0+w+WRI6JTOUg0E8FuuDI0FJP
    • Score: 1/10

    • Target: Boeing 787/plugins/SASL/liblinux/libc++.so
    • Size: 1016KB
    • MD5: 1af1c2098152c8bfb09c032239ba04a9
    • SHA1: 517bd78b2a49b1fce2f53f7248a8432dc8bc64e6
    • SHA256: 72cded7c77f33ea6c0372a13e50f6a8546f12a61d72a86f28721e603d750cb3d
    • SHA512: 2eefa9c889e101be47794f0c76fe9d86a447e9702aa0e3cb1db6ad277fb8181ed761f8518ec28fb081249e8f8b9827578e92c19096ce4be02f70638cfc7bdfda
    • SSDEEP: 24576:FR7l/SLuoWVBRufwukBb09/RZ4Dd0Q18+eIv6SoUvz+zwg37EBR:1VHgTkBb09/RZ4Dd0Q1lv6SoUvz+zwge
    • Score: 1/10

    • Target: Boeing 787/plugins/SASL/liblinux/libc++.so.1
    • Size: 1016KB
    • MD5: 1af1c2098152c8bfb09c032239ba04a9
    • SHA1: 517bd78b2a49b1fce2f53f7248a8432dc8bc64e6
    • SHA256: 72cded7c77f33ea6c0372a13e50f6a8546f12a61d72a86f28721e603d750cb3d
    • SHA512: 2eefa9c889e101be47794f0c76fe9d86a447e9702aa0e3cb1db6ad277fb8181ed761f8518ec28fb081249e8f8b9827578e92c19096ce4be02f70638cfc7bdfda
    • SSDEEP: 24576:FR7l/SLuoWVBRufwukBb09/RZ4Dd0Q18+eIv6SoUvz+zwg37EBR:1VHgTkBb09/RZ4Dd0Q1lv6SoUvz+zwge
    • Score: 1/10

    • Target: Boeing 787/plugins/SASL/liblinux/libc++.so.1.0
    • Size: 1016KB
    • MD5: 1af1c2098152c8bfb09c032239ba04a9
    • SHA1: 517bd78b2a49b1fce2f53f7248a8432dc8bc64e6
    • SHA256: 72cded7c77f33ea6c0372a13e50f6a8546f12a61d72a86f28721e603d750cb3d
    • SHA512: 2eefa9c889e101be47794f0c76fe9d86a447e9702aa0e3cb1db6ad277fb8181ed761f8518ec28fb081249e8f8b9827578e92c19096ce4be02f70638cfc7bdfda
    • SSDEEP: 24576:FR7l/SLuoWVBRufwukBb09/RZ4Dd0Q18+eIv6SoUvz+zwg37EBR:1VHgTkBb09/RZ4Dd0Q1lv6SoUvz+zwge
    • Score: 1/10

MITRE ATT&CK Matrix ATT&CK v13

  Defense Evasion
    • Modify Registry (T1112): 1
    • File and Directory Permissions Modification (T1222): 2

  Discovery
    • Query Registry (T1012): 1
    • System Information Discovery (T1082): 1

Tasks