303be7260ad8330508e98c77c51cc47c0c27a609f65b7aeff3444bf9f6062bd0 | Triage

Sharing

General

Target

todolist_exe.zip
Size

7.8MB
Sample

240901-vqcesswgrl
MD5

412020a2717d73df5663acbd84bae2f5
SHA1

dca090f60d7c74e7a2e7e0a2514ab3d78b10db85
SHA256

303be7260ad8330508e98c77c51cc47c0c27a609f65b7aeff3444bf9f6062bd0
SHA512

8edbf6de88ce5de662c461e31d34144a9e9349df049484fbaf13ab4df9b02b70450510490da9889cd3caafb63512de3e698eb4b8cf6d17df652d8b5db0d24d72
SSDEEP

196608:Ks9ZQzYmJ7z4duFyNTnSiOuqqPcPIoX0WwGegTlapmNjv9AQsUa1JdHM3fdsNL:1UBoeyrOu3kPBX8GJTla4w7JdqFsNL

Score

10^/10

discovery

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

http://abstractspoon.pbworks.com/f/todolist_exe.zip

Targets

- Target
  
  BouncyCastle.Crypto.dll
- Size
  
  2.5MB
- MD5
  
  3551343fab213740bbb022e3a6dcf27b
- SHA1
  
  de67fb4f9d58db4a860a703c8d1f54ff00ff9b1f
- SHA256
  
  5530dff976bc0c889076b97ca695bdb97ef07f63449d32f893ed32398ed8bfe6
- SHA512
  
  e90f51053e1d4b0ea1f7458229de92174abf0781c766290da4de5cc8dfcfb730998252bf28b36ca5070978fdcea8b97f0aea6a47b875dd34173643ac0cb46c42
- SSDEEP
  
  49152:3CTzhVM0AU5d3UOhq8hmReOUJfd5T3D+VTQlgQeCKbu9kQLO0:GwU5d3vhzhmoOmfd5rqX0
Score

1^/10
behavioral1 behavioral2
- Target
  
  BurndownExt.dll
- Size
  
  372KB
- MD5
  
  716ddf2e670abcc2233b7e52199e9c04
- SHA1
  
  4e4f39f1bf3be3014ba903e640415c6698ceaafa
- SHA256
  
  adcc0d7535443ee153c7ac1d7f63404a98593d40c4bf5af4da348157b9529313
- SHA512
  
  9c1a0d344fc60fd5984f27d0953e4bf1f827d9e26c945476367d44ba45f73fd3869d5adc5c0d292654b311ab959634120f2e0240371b4a415e4416e29b6dddc6
- SSDEEP
  
  6144:MB1w/jvPqDtYes3jXBJzGcjGkaH9jBD80oLSf:MB0jveYeSjBGVHE0Z
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  Calendar.DayView.dll
- Size
  
  52KB
- MD5
  
  ed154570d2d98d4384123e66dfb4d41b
- SHA1
  
  e495b1a6e968927698adac614ebfdd6120b583d3
- SHA256
  
  9186fd1f9188126149285fdaf028654c247d7ba490097df4bc5437696b8dd885
- SHA512
  
  2521ce3139c84c71c25e5abff0f65e54b1cccd74defee1773210ee334610474257f74abd2a835fb773c5589241a4405c5d5f874c3ff616cb5bd34834e327ef7f
- SSDEEP
  
  768:iv4iPcTju9zHvmpu7SbEi5EI5suYlBCevjQTJfFL6g3toHGYzUj:+PzmpFYiz5GlvjaQg3+msUj
Score

1^/10
behavioral5 behavioral6
- Target
  
  CalendarExt.dll
- Size
  
  356KB
- MD5
  
  c17467514fc9788c65b6b4105c1f6f6b
- SHA1
  
  3e8dbc3cf0db6fba94cf6723bace96a372fb8619
- SHA256
  
  081a891776ba3fe26108c3d3bbd5aa7b6736a3bfbe0cbb6ecdc1344fbc55c10c
- SHA512
  
  e1e9cee20d900ed89270464a61c3624cb8ff8d4e63dbf83ef42f37203a759eb313844ad3541d044162171a29015e16213f6139a17d860fcd6baa1a0171b20b82
- SSDEEP
  
  6144:xrnZwuUVuRKx7LfkYKB8nqF9HKWEuA40VgLwAnpddu:PwuUswcYQiAHKWE7VgM+ddu
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  CommandHandling.dll
- Size
  
  6KB
- MD5
  
  2462ca1c940b0e0d5cadd2631bdd4484
- SHA1
  
  086be95b14b17368f0d9aad5c63cf43d17ac5a0b
- SHA256
  
  c8136e62b045b429f5de0d6d0fea9e9b179decda5be298b82b886634a678b98c
- SHA512
  
  7825bcacdb9fcb88754bcf6d4a446ea96a2189c36d8a42ae0f025da1f4ec6a8087b0b60599c7f069dd1f8b0b723af386d1ccdb4f30a58470f4978193484ef676
- SSDEEP
  
  48:68QHWRkA4u6wWTytbS+/JhngNM2I/pKD3JILElZLXerOxliaT9uSu8tGT8DYFcSI:I2wu61chxheI/k7JXurOjeDF/
Score

1^/10
behavioral10 behavioral9
- Target
  
  ConvertRTFToHTML.exe
- Size
  
  972KB
- MD5
  
  a7da473f8338e80e70e03786893a0ce2
- SHA1
  
  3b54eeb7569f87b428a56c3c99197a652b6b650e
- SHA256
  
  1ab72306cada401a5947feb7a97fc365da5309f866d8d46fb29f457c1540f1d5
- SHA512
  
  e334e4a0d0012e242738f8db61b2e11b1f51570ac53091a4b06f0406e7b427308e4da36345a79929f4395d81ba24ffcf9b7962f88acc84f755e0f7f10e506a43
- SSDEEP
  
  12288:2PHwpPk8eU72wU7HyGr4lmEPchRx9KzSbtI5bsx7fsOqREgy8f:2Pqmy+4lm73x9CS25bsx7fmL
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  CustomComboBox.dll
- Size
  
  26KB
- MD5
  
  f87cc44f41ac8607c805f28cdad58cff
- SHA1
  
  79e44cb8b1d56ae25886f578465e53dd70b9faf0
- SHA256
  
  49d7088c31b06a0bcffe1ad5aeaf10b85ba70f33f0a5c182c38da13b92c88671
- SHA512
  
  4aa6a5d10337a4c5b2e45f049fe8e3429fb8a989d3f0b47cf96bcad9fb10dc51f350a30abdcdd225077a96f9ef458fddc4aafcf1e8115fd4670d1733df332502
- SSDEEP
  
  768:SoKD1S9rjnvBilbyR/ysiUd9Vs+FeaxZAgqF:uS9rTvBiqKszs+biF
Score

1^/10
behavioral13 behavioral14
- Target
  
  DayViewUIExtensionBridge.dll
- Size
  
  58KB
- MD5
  
  260269de6acbaa2cf9f8aa8c24f8874f
- SHA1
  
  1b80d857764d80282a0d1aa143c2cd0b33aca8e1
- SHA256
  
  fa7b61ce7a41feb36fbaa65cc4015204f725b8182a182c056d9fb577ee783168
- SHA512
  
  452a01de49dd53b9ef83477fca1a6b54a6dbf379a5d38d965941562b191bbdd6a37d8643066756fcaefaf9aba5415a2ce63ba512257c48895c3224ccc510e9ff
- SSDEEP
  
  768:ZCwIplAQkPeheXcViFebTuAdO+uSbMJ/QIBfnSn+0/O2/rkL3PY2B4lyQn437jf5:V+lNkPAxsJffSn+YiY2BX375b
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  DayViewUIExtensionCore.dll
- Size
  
  110KB
- MD5
  
  9c4ee9ab787948406ba5a46a9d88a319
- SHA1
  
  f85bdc4c45012af426e2b1b8a02c7de57dfbca50
- SHA256
  
  41566b12534e10ba7d607d8256ae66234ade6c90712e4547bf8912f418faa34b
- SHA512
  
  b2d42dd4dcfbefd31964aab7e48fa2fc4538ff0a6954e9a8d7a5f4a8eb2d977b5fe307f4e79d621fe96a40f53349c85c9e1b49299be48e626f80aaa6fe2e87c2
- SSDEEP
  
  1536:IMX4NBOlQHG/fq4UewnmeSG58dfBWFDmr6EygnKiiAmjOo/aYM6Nc5Jtw:IxcSetVfBaDmNTnKYmjOo9N
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  EncryptDecrypt.dll
- Size
  
  48KB
- MD5
  
  0617e972730cb137edb275eb286a9a87
- SHA1
  
  516996e77d95a2722f4a46e68658872fe73e59ff
- SHA256
  
  e3ea313a3743c402a4e5ffce02c45c5f4d6fe3f080c0b2ec202500ba0f02b66b
- SHA512
  
  218fa25b1421807764d32e57d007ab13c2b67a4abf3e1d85b1c127d871dc927f1243acdaa45d51a0963af7ce58db0b7f2daa37138ec08f6f58b8eab965ace271
- SSDEEP
  
  768:sMEpPMoJ7GcIQQ6CCuALMqWNU+K74FV2pRpWbSDHCHFAHoAL:sNZQALMqqU+NV23S2IAL
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  EvidenceBoardUIExtensionBridge.dll
- Size
  
  59KB
- MD5
  
  e2fbfbb5b1cd344c4d420071f092030a
- SHA1
  
  ed54ae71ccd65d67325d9b385e387c3a0d82e7d4
- SHA256
  
  cd118f1c07578012e2a59d6e1b6835706e5eb5adc67073a36b93ef9ee76a7a3c
- SHA512
  
  f8b22c306580e0b0ada5daefa1014dc86e9f2878cf58db655fe21a5f258829bae5901b9f8ec9500148f811dbffe4ab8a5ec995633d2925a244b35079d69614c7
- SSDEEP
  
  768:tWdDArgJLkbMyViFebTuAdO+uSJjpWSYil1AWXiMk/ObJTALOGSY2glyQzPTVRjE:tWdDArgJk42hAgMM3r/Y2kPTbDU
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  EvidenceBoardUIExtensionCore.dll
- Size
  
  135KB
- MD5
  
  1df8c34f488cb21c2e7895713daaabb1
- SHA1
  
  a8e6fdfc747819c405866285487d9415114cf811
- SHA256
  
  760e901feab29401265dcc773186697a8e4606590915263a38a5d2c0f70b183d
- SHA512
  
  0f1c73ac36e8c39c74073af080c1dfee4153dd4bf584bddf6dad8281b7f17eae436fdb07aa5114e45e2d9f4852487af2947360ecf7d5aa88600bed34dd0723db
- SSDEEP
  
  3072:vgSJwIw9l8oq3Fp+Dd3W/wbbNQe7onK44EG1:Ixl8r37+DOK44
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  FMindImportExport.dll
- Size
  
  120KB
- MD5
  
  33c0f23276eef47c4fcff7e4c3414423
- SHA1
  
  fb84e1fd462649c2d00eececacd179ced111e1e8
- SHA256
  
  a37c5506af717d8200d08456d7161974c69723687111e8de974e5d319b93ecd6
- SHA512
  
  10ecc9e98c2b0e155a98afa7fda0173f8010a98420c033429a07098d7f2a3f367c4753d721a1c663061e818ec015d2308f411d7693ac4e4831addc52e4cdd72c
- SSDEEP
  
  1536:jnribM6mBHT27UfDsDKqnVFszCrR6fG57kJrDx8hBTs7g:zOY5cnIE57uxmTs7g
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  FtpStorage.dll
- Size
  
  292KB
- MD5
  
  afacfccb065809acc42015b95da2e288
- SHA1
  
  9c2219bbfb8d79416dbbab23e68974c7297aad40
- SHA256
  
  d66da581289efa449c5e5633142ed8cbb05aba10aeb019b2ff060d1f2a4aedd7
- SHA512
  
  b28b35e19db792a4a4203b43c5ff760f7bb40c699bd672fce91196f280cf93cad1cf3761c7a40194833f8d2a66e1059d19c84f1bce6727630f719295e391e606
- SSDEEP
  
  6144:sR5roylA3YDOMMm09pJl4Li/6kMTXaAEFZ8ud/to:U5rRlUdFLpJWIMTXxE3Ho
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  GPExport.dll
- Size
  
  132KB
- MD5
  
  5b0fe53ca2056e4e0da55b278c79b525
- SHA1
  
  5813f4fe2cd5d1e0df06091243273c2efa91f2f3
- SHA256
  
  10d094e95136c6855a80e42e4c06d2a3e2a69f6a9f5ef4711add9a3c67ba49c8
- SHA512
  
  bddc124725844a6cd25fe5bc722c828c0b64d22ab7f9587cc800da4f928f709cb0c8abb2d62f6b128beccce3a714ce108ee1e87fd111c5dbbf84fd0c10eba5c6
- SSDEEP
  
  1536:IDdHjPz9KYjIgcUDgjXvYLccxZOjK3Z61A/B1md/stDvh4q4P70KOU:gdHdDwjXvUCK3oMB1WstDKq4P70KD
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  GanttChartExt.dll
- Size
  
  436KB
- MD5
  
  fd406e8b48f6dfd584ed2055c442000f
- SHA1
  
  16e79b917f9556eb3c85201b9be00cf9bb841ff5
- SHA256
  
  5aa20d515c1868f36c84645b45a430028228a0ba74b7936d6da0721a970f1597
- SHA512
  
  1ce8f5131c3573769059aba19563361ba9e9a4b9a1c0ce51a6fa2c703e078af4705b899804adcfc3e5b358aeb3fb81374b2044652252ce15e247e205c907b0cc
- SSDEEP
  
  6144:m827A7XaK3Ww+O6P/nNAhBXG6qJ0+SdcEAItzdgs5L0:jTafws/a726LuEGsF0
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32