b0cfdcf69000bd3019797036ae343156b90a08db707d3c9bd3557fe3e689ce07 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b0cfdcf69000bd3019797036ae343156b90a08db707d3c9bd3557fe3e689ce07.zip
Size

688KB
Sample

240906-b2zjxszcqa
MD5

3f06783cf5d27cb48033208ee5cc30d0
SHA1

f725f99ddabbcdc150232129d8cae8573024b107
SHA256

b0cfdcf69000bd3019797036ae343156b90a08db707d3c9bd3557fe3e689ce07
SHA512

b2f8139fd602f0e53435c9d211672937c8ca0b1bd7156637281c978fd5f7dc02ce39db1ca3f05cc169c8d16e2c3da0e94c1909d23bf61414d3e738eb3b8577ce
SSDEEP

12288:M534IlrPCP0VzCqjR/VZElJUQyL1Kq9hX1rpbEpTZb81xMpQdJUGvN/EMn5IvTWo:M534IRCP0pCgR/VKlOQyL1n9hxMZbEcx

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  投诉举报信/__MACOS/Silverlight.exe
- Size
  
  340KB
- MD5
  
  4c2e417f278e73460b65feed1f3c2d58
- SHA1
  
  9bfcdb1534de42afc1e5e4fee3cdd354e641ef29
- SHA256
  
  ef71193071cc0022a0c504f898b6fd2f68ef55e8fc1d8cfdccf623c0060b8eda
- SHA512
  
  1ca161b1ebce480424c1f18daf7c4213270f89d8c5fb6788adaf306dfa547edb167fa815e07861eb7276dc26782b042a0a3c7e0ed6eedcae8222053324a4c96b
- SSDEEP
  
  6144:Doy8VrICuJfL6prAfwfaJqP6+RqDPOrciFLGTZYJTVJEZ:Dj8KCwfupEffqy+ADGrzStKJJEZ
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  投诉举报信/__MACOS/coreclr.dll
- Size
  
  94KB
- MD5
  
  627daded4357e26919d071b0c8a60a42
- SHA1
  
  02262b139b43788eb8b97fd6e551192189523114
- SHA256
  
  3cd7109bc2f60897bedc381b319dda79e0f6695ced7d00d60a8e0eadd9f9cec0
- SHA512
  
  d838445154d568575765857e2a2f222d4734b0b2930e6b4bab575a34186a317800779e134539a750a1787242678094b3989971d2b1690dd6c3a92448ea3071fa
- SSDEEP
  
  1536:bB/yGI5c4uhdj76wXJmhBfA9/mtrJP4JJZqYautmfsb8+l6Ptgc56w:b2W48l76XhBy3qY7z8+l6Ptgcow
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  投诉举报信/投诉举报.docx.lnk
- Size
  
  1KB
- MD5
  
  74d87654703bd0f0d1b195e1aee796b1
- SHA1
  
  96c49465e9835e5e5cb486bcbda8722bacdbff20
- SHA256
  
  50a93c94854a0693b440f8084ace7efd8e70c0170dcd5c66ec1f4af74c237195
- SHA512
  
  8b4d9ae85d3d0570c95ddabc51afd7dd76d308b330a7058136c047519f8f9722ea47532c640dff057f32d9a28e6ba697e36a71ad6433665a3ee5ff01bd1cc9e4
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6