General

  • Target

    syncmail.zip.zip

  • Size

    4KB

  • Sample

    240620-wltc7azgla

  • MD5

    21c28988d0d164797685fa9afb8a00d8

  • SHA1

    463fe4e63e9747c87e8d0eab4574a9e87c424dae

  • SHA256

    b6e43184b7c8b412430903d40d71fb2f5111856d0d4504e19921f5b0cddc5527

  • SHA512

    5fe63a2781a50b8255472bf0851171776db24dfcbbeae345fb17c1d98b68bd91300a330e12dd6d81540c2ca7ecbf8671ce35b784136e43cdb79d13de187360eb

  • SSDEEP

    96:k0ROv5cThjFJCPXBjt9HV86t1V+QZcGNa7VMc:TROvmThJJCJZTVJfaZMc

Targets

    • Target

      syncmail

    • Size

      13KB

    • MD5

      a0cb8c860c42d750033665e4460dadde

    • SHA1

      ee1089596c58462f8870d53e1284dd6d13cb16bd

    • SHA256

      c91a1f5d7c371ca0dff920418445bac99789a9698fef34877adde2100689f207

    • SHA512

      97afd414ac6f7f0dacbafdf3875f06a55df02fe42af600ca28645d28bd578b5f19f3877e7b7ef29d3788961274714942edf1f1d4f8574ffb0d4dce03fc39d432

    • SSDEEP

      384:ZFB9WYv/fQ+NVbkIuQpqeLRZ3uHIBIBqQnqCADCkkwRqXyaGveSGSONM7o9IJM:Z79WYv/fQ+NVbkIxpqeLRZ3ubqQnqCAO

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Command and Scripting Interpreter: PowerShell

      Uses a powershell.exe command.
