10General
-
Target
China's_gray_zone_warfare_against_Taiwan.doc.lnk .zip
-
Size
3.5MB
-
Sample
240719-ppn5ba1dpn
-
MD5
dfaf0fecf79428852b0b685cbdbe039f
-
SHA1
63392f6dd62c7c63b11cf2ae1631af4681d53074
-
SHA256
1fcd696c75e9dea9ab04213e2a7925aa18198e30afd99cf3bd0eb01b6ebcbc88
-
SHA512
9c253e806a01ef1e4ed9ae6e3220a035aa5c664440823cf2d59b748cd2254ae111e52f8bb87c0693fc7da6438462501ccbc158b8905a167c6b1b1c3f09e4a29f
-
SSDEEP
98304:NZlS3xs1yrxPfuTyRHE/lNAUs8Huc8fg7WBG+:NXSi1KP0yRslJsZUWg+
Static task
static1
Behavioral task
behavioral1
Sample
China's_gray_zone_warfare_against_Taiwan.doc.lnk
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
China's_gray_zone_warfare_against_Taiwan.doc.lnk
Resource
win10v2004-20240709-en
Behavioral task
behavioral3
Sample
China_paper.pdf.lnk
Resource
win7-20240705-en
Behavioral task
behavioral4
Sample
China_paper.pdf.lnk
Resource
win10v2004-20240709-en
Behavioral task
behavioral5
Sample
__MACOS/_params.cat.js
Resource
win7-20240708-en
Behavioral task
behavioral6
Sample
__MACOS/_params.cat.js
Resource
win10v2004-20240709-en
Behavioral task
behavioral7
Sample
__MACOS/_params2.cat.js
Resource
win7-20240704-en
Malware Config
Extracted
cobaltstrike
100000000
http://upserver.updateservice.store:443/common.html
-
access_type
512
-
beacon_type
2048
-
host
upserver.updateservice.store,/common.html
-
http_header1
AAAAEAAAACJIb3N0OiB1cHNlcnZlci51cGRhdGVzZXJ2aWNlLnN0b3JlAAAACgAAABFDb25uZWN0aW9uOiBjbG9zZQAAAAcAAAAAAAAACwAAAAMAAAACAAAAA2x1PQAAAAYAAAAGQ29va2llAAAACQAAAAt2ZXJpZnk9dHJ1ZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
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
-
http_method1
GET
-
http_method2
POST
-
jitter
9472
-
polling_time
58666
-
port_number
443
-
sc_process32
%windir%\syswow64\svchost.exe
-
sc_process64
%windir%\sysnative\svchost.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCdQ5nVpJ13O9CwiQRtLOdTAwGg6oj4mvtVqZvCbSy9YyU3ngZSDBgmWjSMwrTqMvvKUr5RvigK1N00xTGT4LVtDESUaUvyGU79G24yPaF5rUOJjnAIRazosjB87DvXbI6k45HQsVyZD7wgEXnKFmv3E0Tk9ti5G0eVOKL5tqdS5QIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
6.1158912e+08
-
unknown2
AAAABAAAAAIAAAJYAAAAAwAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/r-arrow
-
user_agent
Mozilla/5.0 (Windows Phone 10.0; Android 6.0.1; Microsoft; RM-1152) AppleWebKit/537.36 (KHTML, like Gecko)
-
watermark
100000000
Targets
-
-
Target
China's_gray_zone_warfare_against_Taiwan.doc.lnk
-
Size
1.4MB
-
MD5
6f7d85c196c277a6a619f6d94b8f69b9
-
SHA1
530c0833454ca14c01af28961239cb07f783d977
-
SHA256
2fa270cf83b341bc469b0d4430d2b5c3e95109b4b47f4f99c9e878aeaff8ec33
-
SHA512
6bf3761c2157957d5f3349864b4905cf5f2d12f4aa1a78b5aa899de4e9a57544dabcafaf204443f2a85ca2041c94f3ecc95818445885b959b7fbf0bbd2a26f41
-
SSDEEP
24576:yfxwTgCX64xkh3Rj8PVWNvBIIqZGjEbiyiqWwwwDT2VmpoovXoHDImimX6fTG5XF:4
Score 10/10
-
Checks computer location settings
Looks up the country code configured in the registry, likely used as a geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
-
-
Target
China_paper.pdf.lnk
-
Size
1.7MB
-
MD5
b04d484d1e1d793b04af2a5fb88a8a57
-
SHA1
e25ca637223300856f721d2d894589644069e2f8
-
SHA256
b7afa2662f99edcda4be8539fcc6149176f3cb241a724932cadda4088ca695ea
-
SHA512
93092c56d381c6ae2f1526c91f1221824f6a135ef9515e37f64c483a265dd2a38155c966582d055a57e19a92ca38d4b4ae71fdd50edb079af5b279be96d9a3aa
-
SSDEEP
24576:5E4WChcawAdDbiNyhMgM/tyBMZBRKqOr8UHJt7aOefLDDlzWCFQYGsncMs03bdkA:C
-
Checks computer location settings
Looks up the country code configured in the registry, likely used as a geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
-
-
Target
__MACOS/_params.cat.js
-
Size
1.4MB
-
MD5
5acef2454ed89c4ea4453b5110e88023
-
SHA1
704729e91c09bf8c9ece3d477af1a9f7bb1f4744
-
SHA256
32dda71e75546bed9c3032a139fb1ef8d1b05e35f26bccb568cebbae76db7f01
-
SHA512
c7db5cea6dc13467beece885b52e5803f0147359e4522e355b270af7a8fd23a63d0033380ecdce871051ab1a3d9087b74cccfdfc044db60fe40e411e6ad3398a
-
SSDEEP
24576:NfxwTgCX64xkh3Rj8PVWNvBIIqZGjEbiyiqWwwwDT2VmpoovXoHDImimX6fTG5X9:9
Score 10/10
-
Checks computer location settings
Looks up the country code configured in the registry, likely used as a geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
-
-
Target
__MACOS/_params2.cat.js
-
Size
1.7MB
-
MD5
dee63329fa6efe64693d90a54585cff0
-
SHA1
4072887f7f5a706b1986df229d4b3fe4bfe1f209
-
SHA256
22b2d9c5d3aa575283bc0afc60df5fb8720c384bd7040ca6e4e42491b5fefcde
-
SHA512
573f524deee9ac23c8b962c1394c9d7c2d885cf1127afa172b5d48da2ff45667a6e204f90aaf2dd5e12dab907f83d7458a959565700c45191ade2fda8e684232
-
SSDEEP
24576:OE4WChcawAdDbiNyhMgM/tyBMZBRKqOr8UHJt7aOefLDDlzWCFQYGsncMs03bdkS:d
-
Checks computer location settings
Looks up the country code configured in the registry, likely used as a geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-