d225c8a14a04af6fd9004bdb11653ba23aca5d908b753f64c492facee9a9dcf3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

DMA_Monthly_Update_Minutes_of_Meeting-reg.zip
Size

11.0MB
Sample

240809-gwhl4sxdqq
MD5

eccc72deb8ce41433ed13591b4557343
SHA1

c40ae6ecf256a8705922b7e198caa95de5c35b42
SHA256

d225c8a14a04af6fd9004bdb11653ba23aca5d908b753f64c492facee9a9dcf3
SHA512

972e5de24809b66f5e72da1f0c13db2e2390d15f6f2af1f809ad1e70e896dee35a0c9967cba8306de606b090b9a2963c39c0b8a2a922d85637328ee65828d7ea
SSDEEP

196608:rOqn7ur+wCanyRTFP3QTlnGFVV6o1zh34EnYZDEVOCVRmA85Q6WjdOWm9Bu513FW:rOqu+wf2pEYVYsz2EnGEVOyqC64OW2Qs

Score

7^/10

linux persistence rootkit

Malware Config

Targets

- Target
  
  DocScanner_Updated_letter․pdf
- Size
  
  6.5MB
- MD5
  
  54473e0d8cafd950afe32de1a2f3a508
- SHA1
  
  14a78abffa6b0912febefe51d58f780b2ce7632e
- SHA256
  
  a9407fdee890615e8e4f4927deb0c32795e848ce58e66dab56bf3b7188bc0b25
- SHA512
  
  c39e25758254377ff27a52e68efd63821169500998b815ed0c38fc6d1e36f5853515c857c96c185a24a747fa6d144542d4bab5b4a71245218011ee298980502d
- SSDEEP
  
  98304:hYMtGCmjJ5GJKLQqJAM3bpg6pvYXYp1kKta:WQUcOg66XYp1pta
Score

7^/10

persistence rootkit
- Loads a kernel module
  Loads a Linux kernel module, potentially to achieve persistence
  rootkit
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  persistence
behavioral1
- Target
  
  draft_letter_nov_2023․docx
- Size
  
  6.5MB
- MD5
  
  36933b05b7e3060955e6a1fdfd7d8ec1
- SHA1
  
  616e90047d77495b26824860c553141a8b5150d9
- SHA256
  
  db403abf7dcc5bccbedbb53eceef76bd02b440c1114a0b64e665eac1e44fa993
- SHA512
  
  731275bab2d69b0179b9f1ddf6a2fda41865fe917043224edd4e0a1ae9c3cf658e269aad7418893b20604a59d2af6fe98289f4fbd3754dbed81c9bd356b2c704
- SSDEEP
  
  98304:KWlbGMmMBVmMkeqJAM8omTeTf2d1a03i3uXYp1kKt7:xVxPpTeTOd1ly3uXYp1pt7
Score

3^/10
behavioral2
- Target
  
  updated_draft_PPT․pptx
- Size
  
  6.5MB
- MD5
  
  508f4bfad9f2482992ac7926910bd551
- SHA1
  
  f9d5860b5392e49bd7b93cad0d1dc8f036fcf0f5
- SHA256
  
  57e72c7c81df7d971db2977b51bc37447b641466917e7ed8f92efa3b0eb23f0d
- SHA512
  
  5934c0d3f872945eb2b0352407f87d0df8c88cb6f13066e28b895f19ed51029e68d6416cadd4dcf564bacbca95d521d8b8e5bee49238a2f00d061005b24b186c
- SSDEEP
  
  98304:5AC4GYWspMmvpwqJAM8omTeTf2d1a03i3uXYp1kKtD:CHVGpTeTOd1ly3uXYp1ptD
Score

7^/10

rootkit
- Loads a kernel module
  Loads a Linux kernel module, potentially to achieve persistence
  rootkit
behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencerootkit

behavioral2

behavioral3