3583356b1900cc2f31f3a9115c912814069c1a8b233e48a274351d0ea3ec3a5e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

803677328_distr.zip
Size

6.0MB
Sample

241009-qbyx2azbnd
MD5

ad9ebbb48b0df5d059824171b39cb445
SHA1

2eaa0c36cb73648a6f7facba399a6c2aef2bd2a9
SHA256

3583356b1900cc2f31f3a9115c912814069c1a8b233e48a274351d0ea3ec3a5e
SHA512

3a3314536e7eea543dbded3e451021c34fef45645cade226b3253cca5e179add4a8816d08f1bad5f8722fd3b22016154038561bf1e98dfab4a0427e899c205d8
SSDEEP

98304:xAPr4wGDaubytPUzTZjYuGqGSH+JEJEpe1VjRgO7tN8nzlCZvh73lUf6MgV2o2:CPLF6ZOuHGSH+JEJ2e1FqgwzIRh7lUi0

Score

6^/10

discovery

Malware Config

Targets

- Target
  
  Doc/Database/Dict/SpRuNorm.lex
- Size
  
  2.0MB
- MD5
  
  07e9b0a041a27522c114dc746a6042bc
- SHA1
  
  0b25980ce4c3c87209c36b62ce31f63a58226a2b
- SHA256
  
  07b6d00942e615a3618bcb8f9b8a2f0a105605b9916fb72a596dc346b68f77a0
- SHA512
  
  397ec614a31b612a33682326d8831efd83af1b06c2d3c1532811c6388a8dbe2f5814add00db8eb347d431a202eb6f4b85b6a6ecc65bba80bf7b6b1d20a814681
- SSDEEP
  
  49152:NPcvX0Vwn3TBBxnjtXRfox2/s3WxUI3KezAbPOv/5Sd6X:An9Bpfl/9UKvX
Score

3^/10
behavioral1 behavioral2
- Target
  
  Doc/Database/baslicenseua/Attrib/Attrib1.dat
- Size
  
  12KB
- MD5
  
  7fc8d3a543a66c5cfb94519c3bcdd8eb
- SHA1
  
  c8b2b61adc7b8cf52b0eb23f0b60c2a3ec662afa
- SHA256
  
  9bd75df28583800942885378ede7fabf35e889c7d026ca0bfe9d7548c9dc37d7
- SHA512
  
  9f13c80e446769c379a786c19a879eeb0add178965fba0b1c61060ac21fd64a2681184863054d6b667382700a68b741139a09eed8b1c3d2d083963d7de1f91be
- SSDEEP
  
  12:Kd/v7Kaa6aJ/aspkBJjzFSRe6CNxOPXrkZrya3yJIsJkkenztt1DF+sjldLhs:Euaa6iFMuc5OYlyaIIsJkkenzD1D7phs
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  Doc/Database/baslicenseua/MorphDB/Morph.crd
- Size
  
  5KB
- MD5
  
  aa07a55b49b0dd6c6045c5e1dfb6f86e
- SHA1
  
  53280d362214a5d41f10a4e0a8282cefdbb02da6
- SHA256
  
  01217648379707c783a7157f122e4775b68b688a686860176ef2c4405e15b54d
- SHA512
  
  4f51e1f5522e283ee510f67438ebe5045c9aad3295ba2049eeda7b86a4b2224ae5ea3bbbbf79edf3c125ec82ab51a767594d5ba2cdbd282a17965a0c55d134f9
- SSDEEP
  
  96:4uNKZkxMJJJClKpmtK/paT47cOGFUtLTEKe4Vy39rt5x94SM:ekxzZaaMnGFUt3VE9r3K
Score

3^/10
behavioral5 behavioral6
- Target
  
  Doc/Database/baslicenseua/SynDict/SynDict.ind
- Size
  
  1KB
- MD5
  
  28291edc15d3029666969b2880f82255
- SHA1
  
  25a59ebeb6a2db55159d806a7db65691efb8478b
- SHA256
  
  ee906df2a78185bde9aed37e97179791e426d9ed54db7ebbdcc572e4fb21d5bb
- SHA512
  
  ec089d1502316b355035ddcbd8d6111c7b8305a54a228479bcd70b7a8052c296a4376392a0a72597b71c07cf022557ea2e65f365b112b5625643c1a53158672f
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  Doc/Database/baslicenseua/SynDict/SynHier.ind
- Size
  
  14KB
- MD5
  
  de062c26d23ddda39be00117b9038af1
- SHA1
  
  12462dd2510bc0b6d784b5ba586a589fd32ca274
- SHA256
  
  c185c64711f2d6b2aa80800b0941f83238f40f7112a5676eb8c91d9791273e1b
- SHA512
  
  5c9c0a43dbc31cadc1071d495f1820bc87185c8713080243b0877b35bba968d262079168df47f4529bc4e3bd86e06dfc6713e8fc6ca1f3cd8cf5c8adf36620af
- SSDEEP
  
  384:xdcBjgEuq0hAcXMrnQIkTqD9nra/Z3yFsNsAZ/TwNRXAJ1dCsJ:08ExYAcXMro3isyzRQ186
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  Doc/Database/baslicenseua/SynDict/Synonym.dat
- Size
  
  18KB
- MD5
  
  a589d4d1e7c93e04de7be5e1250a24b0
- SHA1
  
  ad0d69f499428109e9e7bfd1ad6002c443b09ce5
- SHA256
  
  e927d159ffe3d987e23856a71e73c4a29315502bf3c321ff866b4a3b1dac00b2
- SHA512
  
  da6648aa0f85a820c58bf9297f8fa365f651d30f641a4ff33403dfddeec0f14d0799d38fb516c6b2ee74b43b545342f8966f88c0407c27e474077f139898d699
- SSDEEP
  
  384:EATOj9BAiTqC0Z8ScnyA3LPk7ZkBCE1B0XQcC9Xezt31Xn1F:TTOreVcnTbPA8CE1B0XQcC9UNlP
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  Doc/Database/baslicenseua/Toc/RefBook.dat
- Size
  
  12KB
- MD5
  
  cf95eb951fd85cc3841c3dfcb07ba033
- SHA1
  
  ac7058155fd612cd958e565136a594d4d878d971
- SHA256
  
  80890cd85fd13f58221853cffc69445ed65bf875b21373079024bd1bb14dc8a6
- SHA512
  
  082252182c2a4cdb1d6973cf8792a63ba4487f8d98c30bebdfaf9203d7a18a94cc25587d3bf2c386dd4508bdd802f4fca3003cb1b3e0a347069e386e20db943e
- SSDEEP
  
  3:cGmKX/lld/ylIlBVl0:OK9OYm
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  Doc/Database/baslicenseua/Toc/RefBook1.dat
- Size
  
  12KB
- MD5
  
  913dab13b869f02dca7ced45912bfd7f
- SHA1
  
  b8a8bf5a386e0ca379e2437b69e988d6b107952a
- SHA256
  
  30ab8de54b2e0ed6558fe77f841d777f2fda1d17ca98826e304f41a187f258df
- SHA512
  
  5d6a514d352efdccb3b3c6fc36b19923e7c855f83035281cff961b4cbf2128069986a000e9eda001e16ada2529a5bc3f8e87427d63243bda90c0ff2b32a23241
- SSDEEP
  
  24:vkt8T51HbljZZpvpYJdgoTYWw/nrOAmuEhYDy83o3EENnKL7KGRFblxnf1sPAZCt:stG1HbNZnpdmYWgfDoHYzXnDHP4HIbg
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  Doc/Database/baslicenseua/res.dll
- Size
  
  20KB
- MD5
  
  ec3c564661947d2b2ab8b535da4f0b3f
- SHA1
  
  4717ec3031f3154134a14b9e8ee17474e378a365
- SHA256
  
  563556bda7dfc28c247de90d714c86083b456b55a451e3494a69318938bb9467
- SHA512
  
  d5cfb14f950000b9d6e440b3d89ca40392d9b027096d97bfe59f390ad2e0155dc8f22aa8e5203f8744a0c21bffbc330d083355ae1f13624f912e43d0ead6dfa4
- SSDEEP
  
  96:rMngTyuScgSSgSMQucXFEfNjRLENgSxepfvE:IOScMyQLWfnUmpXE
Score

1^/10
behavioral17 behavioral18
- Target
  
  Doc/Iss.stp
- Size
  
  67B
- MD5
  
  b8f9f8cb24e1b34b1c0d06a17668b5e8
- SHA1
  
  1462d8c3c8d6923eecfa6cb0344de550eb3494af
- SHA256
  
  7ed34d8edb00be4bd9d815b59949ba1fb2203aae602498e1d2a9100c4b34bfb1
- SHA512
  
  7fb1f0c475a666a021d3bb0c7f560b4a73d26dea8d75faa883a751df6fea38b268747c9c33a93aa54d2956c7e33c7bf44cb82872ef316e078bd1dbfcf61da7b0
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  Doc/IssDoc.ex_
- Size
  
  372KB
- MD5
  
  f68b8f25410d49c33461b2aecca17ace
- SHA1
  
  ef54d2ea86017da04f583825fa5d3e3c478f3a33
- SHA256
  
  b6f04e8446d5e83f2ec14a2b711c02e588f0727c50c26789e51f287de172e438
- SHA512
  
  66d5bb4785a2f51d0ed3130cfa45668194d37de738b868a84084fac521e48aadfc71f02a643876bb581a38cd24d87ee234bef88ec0359a0e015168e86e9f7739
- SSDEEP
  
  6144:D0JAGHFfpO8PJtIOj4woM4yqXS7wIB6yK6bHX25foI8i8eIJ14woM4yDXy7w1H+3:D0LfpO8PJtIOj4woM4yqXS7wSbmfoI8Y
Score

6^/10

discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral21 behavioral22
- Target
  
  Doc/Start.cab
- Size
  
  632B
- MD5
  
  1899effb5be17f01ae4125f7d413bc1d
- SHA1
  
  7cd3812d09798dc03b47dc2eed8c4f7d8fe28e86
- SHA256
  
  d5182999f4b89968b6893b1fc9d30c5858e58008a9c988c9d96b6e57f2fab726
- SHA512
  
  71d33d484c5bf9fa72d6072518d03118ef645e35f709e174b2cb4a7dc2498defabeeb7441ae21c1f9f25a09c69f6f743fccdccfa1357b04fbefbddbdfaf8aea8
Score

1^/10
behavioral23 behavioral24
- Target
  
  Start.htt
- Size
  
  783B
- MD5
  
  6c7cf6d061fd608f382462632b266677
- SHA1
  
  cebdc6a6fe3f25d2ac6d9207aa884b186384c87c
- SHA256
  
  4fdb46e46c65a9f17d03e4dc75cdf39e081d90fb132bdca6e39f5f383093a6d0
- SHA512
  
  82bdd89b2d7a480f30e6c0a350830561251cc9972842141b5a9049dbc6d4112f8324103abdc09dedf8001e535785db6fabd0c229e7b76628cb8b123b699eacf3
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  Doc/System/MSVCRT.DLL
- Size
  
  272KB
- MD5
  
  4300d1a092b91e7c8dfa6f1e5e7973b2
- SHA1
  
  63a4fcd64ecea975c1b91de04702c68a9f2a3c7d
- SHA256
  
  887eb5ce93edb7192ca3e9220f07f9ca0f94db02af5862ebcbdfcb852db99fd1
- SHA512
  
  dbf54f05aa371d5ff2b73ae1241a777c6bff65c37d46fa8d10a9c23da3b3f9d097618a5e246140aa39256ba9270ee3b7a1ab7b442b0a25f51c08bf04535a907d
- SSDEEP
  
  6144:XTHH7lfsdbunoC5XQFnqxNCDHDJDAiFMWiFaNF7R5LooRKa:XTnJfsdanocQdqaHJDAo5Bia
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  Doc/System/Mfc42.dll
- Size
  
  972KB
- MD5
  
  71ad9ea933ace083add86bbe4f265d8b
- SHA1
  
  094929e01d6fcb22a0194f0b0ce32b7e3c80696b
- SHA256
  
  ec63a85030c60716acdcf060abfaa95a6a3528631622fa60e7d17fbea2f751f9
- SHA512
  
  61e3a9ac5393ccf4e2f052f0c8d6d4f1877915b1a9d70cc578244a7d9bc3e0bfd0535630e6cc1fad03d1d1e366cab57562ce37885f94b6fdbc15dd2fc34a50f5
- SSDEEP
  
  12288:Tmpjc8agXkUJBdg54X7Vcwcl+ihokY2KuobgJJvrqkTi8Ii8:T0cXg44Je+ih4Vkbl8
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  Doc/System/OLEAUT32.DLL
- Size
  
  584KB
- MD5
  
  7b156d230278b8c914ef3f4169fec1cc
- SHA1
  
  6b58e20b2538cb308091da838710f6aad933a301
- SHA256
  
  baeb2f7c1b8be56738d34e1d1ddf8e0eebd3a633215dc1575e14656be38b939d
- SHA512
  
  e4ec2bc714069e0a6b56d89b52aabad92e5ba741dc6f26d2fc2d72aa9ad2ec465dea523cccd810331ab78b5fb8a1244b2b521303418ead5bd6be5a58b43794c5
- SSDEEP
  
  12288:HCKynQWKglDhrUtrvT/NInIk4NDXsR6lMlpGz:HGXqB8V6lMlMz
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32