General
Target: RiskPlatform.zip
Size: 270.6MB
Sample: 240814-pxwjcssflc
MD5: 4338b4e47dfd10a794d62b8f0eaf5501
SHA1: 60ed574567fff35defb8bcd71b004565a9f69b06
SHA256: 29056c71459cc32452ab76136f8c79f206d8f3144ef8c6b83a4db8f531b90625
SHA512: f3ee76ce5ea6335b4d9616af31de99d6d65487be641aa5517493aa2b346066a5798ea185539e1c59b8ba7b98b4d3474d37d705d49f2bb37fba19772da267e508
SSDEEP: 6291456:tRKbfZmOtdvMKEmOBajygGl2lSTX6im1jU0iKp7XWP9:tQ7v53EJBajyg2TXQVU0hGF
Static task: static1

Behavioral task: behavioral1
Sample: RiskPlatform.zip
Resource: win10v2004-20240802-en

Behavioral task: behavioral2
Sample: RiskPlatform/Palisade_Course.lic
Resource: win10v2004-20240802-en

Behavioral task: behavioral3
Sample: RiskPlatform/RiskPlatform-cust-Setup (1).exe
Resource: win10v2004-20240802-en
Malware Config
Extracted
Targets

Target: RiskPlatform.zip
Size: 270.6MB
MD5: 4338b4e47dfd10a794d62b8f0eaf5501
SHA1: 60ed574567fff35defb8bcd71b004565a9f69b06
SHA256: 29056c71459cc32452ab76136f8c79f206d8f3144ef8c6b83a4db8f531b90625
SHA512: f3ee76ce5ea6335b4d9616af31de99d6d65487be641aa5517493aa2b346066a5798ea185539e1c59b8ba7b98b4d3474d37d705d49f2bb37fba19772da267e508
SSDEEP: 6291456:tRKbfZmOtdvMKEmOBajygGl2lSTX6im1jU0iKp7XWP9:tQ7v53EJBajyg2TXQVU0hGF
Signatures:
- Detects Strela Stealer payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
- Executes dropped EXE
- Loads dropped DLL
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
- Drops file in System32 directory

Target: RiskPlatform/Palisade_Course.lic
Size: 405B
MD5: 066ac70d36c8366513498d5bd1affeeb
SHA1: c4cf43b1ace6d981c1a6250445ccde4c3c266e51
SHA256: 1d785931bbd20c2a606f3994fa6dfd4e73d531683573cf35d103f1e636ee3f71
SHA512: 3c9f37e589ca851133b3d99a62665c1006ea48b6c81b396cd66514ad6c18397ffe14738094194ee026b284517fdcbf5bf48b65d9ca22f088b7cbced486cc43a6
Score: 3/10

Target: RiskPlatform/RiskPlatform-cust-Setup (1).exe
Size: 271.2MB
MD5: be2b654c77086aa5baa154d2f8639c5d
SHA1: 5b36a274c86f1034c120f5a7e4a689125c609d65
SHA256: f43c22f15b646ff3959c6f6f3da5bf98f096865190f35bca6a7dd7cad67a3dcf
SHA512: 7bb23bc848a3573df1004804f7e400ab619437c11b38ca87f863917f600ec5287891dd4c51b946b2a9473ac1d26e53c5c5afb9bb4c1c71e2c30e7edf96ef1e79
SSDEEP: 6291456:oZTrrpe49836sgMdytGmc3SVyB9ueg9hUKw0LNz+3R:o9/18KsHdytGmaB9aPUKrCB
Score: 6/10
Signatures:
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.