d80d33cf63c15b5804e7dc096733026a01c300aac0e36cff5c9721adaebb1b2c | Triage

Sharing

General

Target

中体彩2024年度员工晋升材料.zip
Size

8.6MB
Sample

240528-kdp51scf2x
MD5

2d9ed22ecc2938f7f423356f9e7d2c98
SHA1

6c0811f89f3e27e2afe4ddd66f501c3fa26b014b
SHA256

d80d33cf63c15b5804e7dc096733026a01c300aac0e36cff5c9721adaebb1b2c
SHA512

3838d949560d68a30417bfd2491aad9c12d9aa04746735f3ea384e26bb82485e42f24670c3c2bf36f3311629fd27de43c72eeaa74b2334bba1b5bbc76b9439a1
SSDEEP

196608:b8uRq5EcxW207JsMbuht8aWXWaZLZNnyrF0Hxv67N7dJnf/dIlmmTKVS2Ta:Xq5EcxW29RuRnyra6tKya

Score

7^/10

Malware Config

Targets

- Target
  
  中体彩2024年度员工晋升材料/中体彩2024年度员工晋升材料报名表.pdf.lnk
- Size
  
  727B
- MD5
  
  c02c168c1c97d6f113b88cb8c1ddedf9
- SHA1
  
  ee235ca5916d3003eab418dd9a3e2e0286bc3852
- SHA256
  
  cd029ad0d35e589c6340a33b094a3ae866648e4b93926ad7b3278d1531b583f3
- SHA512
  
  857ca5cacd21d194288a82a60a0cab439cde23beef5ebb4f83a4cb0a60694ff32c83682e4414355e26a59d4c73c29c2cac538107ee5cb95bf001b66582d6f569
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  中体彩2024年度员工晋升材料/其他信息/.__MACOS__/.__MACOS__/._MACOSX_/PROPSYS.dll
- Size
  
  20.7MB
- MD5
  
  6d6c7dbd71698f3994a40c6c7c49c40b
- SHA1
  
  a683075719121fca4343802f615fe55ddd4bb390
- SHA256
  
  4d50b07a2a0c7ebc8d39c5cb11107d85544e9c20abb53c5424423e280b8bfbc1
- SHA512
  
  ac9494001849d089d12207368541841dd2716ac1d1a8554b63f624cc3f32c1d5170b20edfd0ce05446b1040411df03e15d4e100fdf58df3267f85cc30f4aa95f
- SSDEEP
  
  98304:kbw1o1APQYDP5b3cmNttCdWbReNm+CsCwY8tE3/umfTJnQmD4yL35Fs2V:XrP5b3cMtlbRH4r5+7dVD45K
Score

1^/10
behavioral3 behavioral4
- Target
  
  中体彩2024年度员工晋升材料/其他信息/.__MACOS__/.__MACOS__/._MACOSX_/osd.com
- Size
  
  245KB
- MD5
  
  4acc218e13667ca101cab9db29e44a77
- SHA1
  
  a84bcee7738b86ae41baee4e73d0a8c2a735e0fe
- SHA256
  
  1ab5183a4d362a358b27a66b3013fcb17486e3d44b018fc1fa2cc2c7ba3f963e
- SHA512
  
  361eaad250755271d5158c30393e28cdceed54d8756c13a22dde303147ae9a4530c3f9758628d69e43240bc5582056eabf3df6d3672f1dd3f51c109566aec89a
- SSDEEP
  
  6144:KpfXnqiLZ32RnqlPy0GrN5HTohi9qQuFnwOEm:KpfXnzGRnRrzoY9zOEm
Score

5^/10
- Suspicious use of SetThreadContext
behavioral5 behavioral6
- Target
  
  中体彩2024年度员工晋升材料/其他信息/中体彩2024年度员工晋升材料报名表.pdf.lnk
- Size
  
  717B
- MD5
  
  788c495923bd62a29c37e7c3650b8f40
- SHA1
  
  ec6192b5a58891cbca38ccb5c38a836023b0ecdc
- SHA256
  
  cd529e1410bfe6e093a1cf74ec97eab24188e45128487b2e3e32ecea4abc835d
- SHA512
  
  e0f8f50fa756288092680a0cb9bc2688b107690ebfac5f61e9f14fdbf79a2499c1d618b48778dd78d52279fe27e3c6e4fbcc4d814f2c40beebc77dd07b43f6d9
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8