307b614797a7f18a8a76cfe82d3c8d65d531e485e6addcf86aaaf8b6071e434e

Sharing

Copy URL

Twitter E-mail

General

Target

ASEANNotes.rar
Size

82KB
Sample

240818-zeh6eswdml
MD5

0b60461d17d44766184535abdbe5e6ac
SHA1

62c1ffe72cb31f945e046e03809eb80a64f4127a
SHA256

307b614797a7f18a8a76cfe82d3c8d65d531e485e6addcf86aaaf8b6071e434e
SHA512

49dc033b5cf2157cbc78fe2fab3e82d16883f8cf661e28aba74b6cf07fcfed311bdf8f2cd5e4638a8896128616841db1d7c0e837a7626f999131df620f0c69da
SSDEEP

1536:XD1UfVm4xeAqweIY2P6SfKTsZL6I8XHqFHqIMHvFZjJBvA2wQ0qYmNoMAhIj:z1U9PxeAqg6AbUXqxMPFZX4PqYmNoMAW

Score

7^/10

Malware Config

Targets

- Target
  
  ASEAN 2024.lnk
- Size
  
  1KB
- MD5
  
  698382d42978ee9b86046682cacc76ab
- SHA1
  
  dd149a0c4a650df907557b3c0219fde81d339d11
- SHA256
  
  e537c5da268c6a08d6e94d570e8efb17d0ca3f4013e221fadc4e0b3191499767
- SHA512
  
  e02706545ef29a769c73a664380d9d86f5dc75a7c377b79aa86840270ff1b38f2d4eb24c4dd640556a2b6bf740ff28654f287932bbc66f842d76bab079d9ef46
Score

7^/10

defense_evasion discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- System Binary Proxy Execution: ScriptRunner
  Adversaries may abuse ScriptRunner to proxy execution of malicious code.
  defense_evasion
behavioral1 behavioral2
- Target
  
  MS.lnk
- Size
  
  1KB
- MD5
  
  698382d42978ee9b86046682cacc76ab
- SHA1
  
  dd149a0c4a650df907557b3c0219fde81d339d11
- SHA256
  
  e537c5da268c6a08d6e94d570e8efb17d0ca3f4013e221fadc4e0b3191499767
- SHA512
  
  e02706545ef29a769c73a664380d9d86f5dc75a7c377b79aa86840270ff1b38f2d4eb24c4dd640556a2b6bf740ff28654f287932bbc66f842d76bab079d9ef46
Score

7^/10

defense_evasion discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- System Binary Proxy Execution: ScriptRunner
  Adversaries may abuse ScriptRunner to proxy execution of malicious code.
  defense_evasion
behavioral3 behavioral4
- Target
  
  Mofa memo.lnk
- Size
  
  1KB
- MD5
  
  698382d42978ee9b86046682cacc76ab
- SHA1
  
  dd149a0c4a650df907557b3c0219fde81d339d11
- SHA256
  
  e537c5da268c6a08d6e94d570e8efb17d0ca3f4013e221fadc4e0b3191499767
- SHA512
  
  e02706545ef29a769c73a664380d9d86f5dc75a7c377b79aa86840270ff1b38f2d4eb24c4dd640556a2b6bf740ff28654f287932bbc66f842d76bab079d9ef46
Score

7^/10

defense_evasion discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- System Binary Proxy Execution: ScriptRunner
  Adversaries may abuse ScriptRunner to proxy execution of malicious code.
  defense_evasion
behavioral5 behavioral6
- Target
  
  NS.lnk
- Size
  
  1KB
- MD5
  
  698382d42978ee9b86046682cacc76ab
- SHA1
  
  dd149a0c4a650df907557b3c0219fde81d339d11
- SHA256
  
  e537c5da268c6a08d6e94d570e8efb17d0ca3f4013e221fadc4e0b3191499767
- SHA512
  
  e02706545ef29a769c73a664380d9d86f5dc75a7c377b79aa86840270ff1b38f2d4eb24c4dd640556a2b6bf740ff28654f287932bbc66f842d76bab079d9ef46
Score

7^/10

defense_evasion discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- System Binary Proxy Execution: ScriptRunner
  Adversaries may abuse ScriptRunner to proxy execution of malicious code.
  defense_evasion
behavioral7 behavioral8
- Target
  
  _/_/_/_/_/_/_/_/_/_/_/_/GetCurrentDeploy.dll
- Size
  
  95KB
- MD5
  
  d901af6c326d9d6934d818beef214e81
- SHA1
  
  b78e786091f017510b44137961f3074fe7d5f950
- SHA256
  
  51d89afe0a49a3abf88ed6f032e4f0a83949fc44489fc7b45c860020f905c9d7
- SHA512
  
  a2818b5bce05413ed115a7d1f17ac08579b836524a34a25109db05f10085c99a2f626e220fe9b3221560c001ff892e9fe65033e321cf11a2044dc64dbe627754
- SSDEEP
  
  1536:qzEuYhXMwsMFqzTSFr3QLBVWz2RvWq89Ji03KXeq6Ne+sWNVLicdyHe+roTTTTTH:yE/hXdsMFqzTSFbyXWz2x89xq6lLDyH6
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  _/_/_/_/_/_/_/_/_/_/_/_/office.exe
- Size
  
  71KB
- MD5
  
  823ce97af76ce9321f8ca58f126b3141
- SHA1
  
  aad6f04d8e4a511eb518df3c07a2094c8b558708
- SHA256
  
  0d0981941cf9f1021b07b7578c45ed4c623edb16ad03a256c4cd9aaf900d723d
- SHA512
  
  2f518216bf36dcfcbdfe51066aff94ecfed14bf03aa5fea815dfafddd20e1058fb9861ddf1cee7f823753f0a3e1786e76da987364669564196cb139f1fd840f9
- SSDEEP
  
  1536:gAde0OsTHC1igDz/fMkhk9q6JS+xGibeE3dQ:he07THC1bkkhEJS6diEO
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
behavioral11 behavioral12

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

System Binary Proxy Execution

T1218

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

Adds Run key to start application

System Binary Proxy Execution: ScriptRunner

Checks computer location settings

Adds Run key to start application

System Binary Proxy Execution: ScriptRunner

Checks computer location settings

Adds Run key to start application

System Binary Proxy Execution: ScriptRunner

Checks computer location settings

Adds Run key to start application

System Binary Proxy Execution: ScriptRunner

Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12