Overview (overview): 8/10
Static (static): 8/10
Sharpshoot...nt.exe (windows7-x64): 1/10
Sharpshoot...nt.exe (windows10-2004-x64): 1/10
Sharpshoot...er.doc (windows7-x64): 6/10
Sharpshoot...er.doc (windows10-2004-x64): 1/10
Sharpshoot...nt.exe (windows7-x64): 1/10
Sharpshoot...nt.exe (windows10-2004-x64): 1/10
Sharpshoot...c2.doc (windows7-x64): 6/10
Sharpshoot...c2.doc (windows10-2004-x64): 1/10
Sharpshoot...er.doc (windows7-x64): 6/10
Sharpshoot...er.doc (windows10-2004-x64): 1/10
General
-
Target
0cae79da615d3e0dceee34811fded4b4_JaffaCakes118
-
Size
265KB
-
Sample
240625-fplvhs1hrb
-
MD5
0cae79da615d3e0dceee34811fded4b4
-
SHA1
364f326372d277a29ccc35468d6345a132c66a1f
-
SHA256
273a1012cb84d3b0f712e41f8cd429eb78d8063bc931766cc41c0bc94d601a72
-
SHA512
06c5331251819b2831826f03c4e8ba45f601767c153f34656b5a36d5e1286018d93a794e502c75ef171486d72d779351061ecea265a1b7eb4b23aba0e9dccfbe
-
SSDEEP
6144:uACWZnoZd0dbagE8VaO+8X88dZATIPAAmK9APziw/qLwfP:dZZnSdGbaz6apw88dZf9rOixLa
Behavioral task
behavioral1
Sample
Sharpshooter/SharpImplant.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
Sharpshooter/SharpImplant.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
Sharpshooter/SharpShooter.doc
Resource
win7-20240611-en
Behavioral task
behavioral4
Sample
Sharpshooter/SharpShooter.doc
Resource
win10v2004-20240226-en
Behavioral task
behavioral5
Sample
Sharpshooter/SharpShooterImplant.exe
Resource
win7-20240220-en
Behavioral task
behavioral6
Sample
Sharpshooter/SharpShooterImplant.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral7
Sample
Sharpshooter/SharpshooterDoc2.doc
Resource
win7-20240611-en
Behavioral task
behavioral8
Sample
Sharpshooter/SharpshooterDoc2.doc
Resource
win10v2004-20240611-en
Behavioral task
behavioral9
Sample
Sharpshooter/Strategic%20Planning%20Manager.doc
Resource
win7-20231129-en
Behavioral task
behavioral10
Sample
Sharpshooter/Strategic%20Planning%20Manager.doc
Resource
win10v2004-20240611-en
Malware Config
Targets
-
-
Target
Sharpshooter/SharpImplant
-
Size
196KB
-
MD5
2e17b048c7e317da9024a86d9439c74b
-
SHA1
31e79093d452426247a56ca0eff860b0ecc86009
-
SHA256
37b04dcdcfdcaa885df0f392524db7ae7b73806ad8a8e76fbc6a2df4db064e71
-
SHA512
7ee51e53242e59f49d32d6344cbb2c9f2976c7787d00b63d2470c83ff3053b83c86b37b2870127934e60001ed39cb99f486e07a900d34e5a6ba8d240e233494b
-
SSDEEP
3072:GNYWVPW/DjEl0UTilrvZTsGTDNZe2xCJtuKjL9XoL7uF55OjJ7kNT:yYKsvEOUTkjZ3TDNZecCJtuKjxOuFK
Score
1/10
-
-
-
Target
Sharpshooter/SharpShooter.doc
-
Size
237KB
-
MD5
fa27a81d0109653e67019f387bad2494
-
SHA1
668b0df94c6d12ae86711ce24ce79dbe0ee2d463
-
SHA256
f5d561e80808f32402321ba76cae6b93f8141d152796efacfdae08e94b5b1b11
-
SHA512
ba3d871237b03537fdce3d3ebdf8a745122df054dce136ddcf9aca6af980b0fd8578053c05afada7dfefc54746e498cfa95587521c2b6367e3f4367eef9484d0
-
SSDEEP
6144:kkvQ2xGsRIvLYBAx07dFwRgnNDkT6xz34XutIgD:3dGs4LY5fUa2Gxz34X
Score
6/10
-
Process spawned suspicious child process
This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
-
-
-
Target
Sharpshooter/SharpShooterImplant
-
Size
155KB
-
MD5
f3bd9e1c01f2145eb475a98c87f94a25
-
SHA1
9b0f22e129c73ce4c21be4122182f6dcbc351c95
-
SHA256
88a5287b6e9879e79240660408e2e868d9d332e3c37c753a05a40b87f1549646
-
SHA512
e441ed2effd935b9c7db3e7eb1cca7b25b320b4adb08e2d9cccb45037a184e210ccf779dd64ad18c590212057656775b2428b3ba1f41ccb5d765d25945aa6f63
-
SSDEEP
3072:ANYWVPW/DjEl0UTilrvZTsGTDNZe2xCJtuKjL9X05DT7VF55OjJs+T:4YKsvEOUTkjZ3TDNZecCJtuKjxOVFd
Score
1/10
-
-
-
Target
Sharpshooter/SharpshooterDoc2.doc
-
Size
237KB
-
MD5
20594c33c2d59544a3e8ef5b7a547e71
-
SHA1
66776c50bcc79bbcecdbe99960e6ee39c8a31181
-
SHA256
876886c8963e4f46e52de9a243f2225a632a06817811e325a8cd63c2defbea03
-
SHA512
612141f1c81627fa965c8f0bbd0cdd8c2d718947c3b9649188be292f203267255d14dc9ea009e9e2aa3dd3fd691707a173d9d8fefa25869fbfeb906f133bbfa3
-
SSDEEP
6144:KkvQ2xGsRIvLYBAx07dFwRgnNDkT6xz34XutIgLx:ldGs4LY5fUa2Gxz34Xix
Score
6/10
-
Process spawned suspicious child process
This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
-
-
-
Target
Sharpshooter/Strategic%20Planning%20Manager.doc
-
Size
236KB
-
MD5
a82cdb9f5bffcb24708e66eb52cce2af
-
SHA1
8106a30bd35526bded384627d8eebce15da35d17
-
SHA256
4135f92055dba1fedafe70a8e094623889a2a53f173a8913b016667e5bc7d264
-
SHA512
4dad93296dc98e6c53f340640d519550daa82fe7d5eda3d34cdc5b3ebde7d183fb79f32c87709e6f52db917832826b80eabc33d8efc480e5fc6a018099c0a056
-
SSDEEP
6144:TkvQ2xGsRIvLYBAx07dFwRgnNDkT6xz34XutIg+:gdGs4LY5fUa2Gxz34X1
Score
6/10
-
Process spawned suspicious child process
This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
-