913830666dd46e96e5ecbecc71e686e3c78d257ec7f5a0d0a451663251715800 | Triage

Resubmissions

23/10/2024, 13:04

241023-qbdl4atckr 10

20/09/2024, 01:31

240920-bxp5pasejn 10

Sharing

General

Target

913830666dd46e96e5ecbecc71e686e3c78d257ec7f5a0d0a451663251715800.zip
Size

1.5MB
Sample

240920-bxp5pasejn
MD5

6a0aa1baee0f621768130d8be822d6f0
SHA1

7cb2c5009dc85fa80697ba4678a8545431ba82ad
SHA256

913830666dd46e96e5ecbecc71e686e3c78d257ec7f5a0d0a451663251715800
SHA512

aecbb8be36fcb2f0469ae96397f97811056d257590e86539a83906290375dadc5862e2d0ab221f0d8ef5666d739fa5ac7ab47713f5de6131bb8d5a846bd81ed9
SSDEEP

24576:co3+iL2Wg6DRBWGvke801EWqlbQGLFOEojyMTDp2fcRch9q7jcXLADi:cQL2WgMBdke8pWqlbQG0EobTfcagADi

Score

10^/10

discovery

Malware Config

Extracted

Language

xlm4.0

Source

Extracted

Language

xlm4.0

Source

Targets

- Target
  
  Key Data 2023 Quarterly Cambodia Poll Appendix (2).xll
- Size
  
  576KB
- MD5
  
  a573c3a5f504fd22c302fbba6af0ab09
- SHA1
  
  49c709788b9d18fa8e55b1ec7bbf114998a30d8c
- SHA256
  
  7e9f91f0cfe3769df30608a88091ee19bc4cf52e8136157e4e0a5b6530d510ec
- SHA512
  
  35d34b5add59cb38760feeb23b0bc26fefe76e0d59ac4d74c3231d24db0de49812dcf9b38acf97cd6146907064217c362a99fdbe22d49f6194cce500236c8a10
- SSDEEP
  
  12288:Rn/zjvGHAykHJRLW/4+8bzbBSreM3/qZGDxl:Fz7GHAzH7jX1wFx
Score

10^/10

discovery
- Drops startup file
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  Key Data 2023 Quarterly Cambodia Poll Appendix(1).xll
- Size
  
  660KB
- MD5
  
  ea64d820b7ee387d0e811bca0104d9e4
- SHA1
  
  6f48f58d80ae41f6b979402696c70db74afc3135
- SHA256
  
  af74d416b65217d0b15163e7b3fd5d0702d65f88b260c269c128739e7e7a4c4d
- SHA512
  
  b096717383ec11253d918efcdbe729752869b5e6502875affb1ceb98b8c7097c69103cb57993b42068c38c58781f5476453e5753b9f6e05403d41bc6b3bdf780
- SSDEEP
  
  6144:yxOJXk57IMp7oyR4y6Qf3lbp83A6zbKsS5ukTP2YmqtbSGUmuqZGw+gSe81H9zq2:yx2s7IMrR4yVld8bzbBSreDqZGDxlq
Score

10^/10

discovery
- Drops startup file
- Loads dropped DLL
behavioral3 behavioral4
- Target
  
  Quarterly Cambodia Poll Appendix.pdf.lnk
- Size
  
  2.2MB
- MD5
  
  23d55b0f6a502c7ed3a70d41272b0732
- SHA1
  
  36a2c2cd63e3ca23a7934cfb3e7a957f2b5363f8
- SHA256
  
  cfbd704cab3a8edd64f8bf89da7e352adf92bd187b3a7e4d0634a2dc764262b5
- SHA512
  
  53984a522f5629f3bf64e62f9855254c74497388f0632e76b00fb16fba7b7fb45ffe2c0db7cd0e7016847f2a5d966e42b3081a47d6fc9a067c6bd0d9d9e752af
- SSDEEP
  
  49152:zrdLymX/jNT7IBkZw3xFdyaxDadhCtbdMuC4vmYrl4GRGjEOaUJiuw:
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6