Overview

overview

10

Static

static

10

00ab8a1a2b...51.doc

windows7-x64

3

00ab8a1a2b...51.doc

windows10-2004-x64

1

04bbbaf0d0...25.exe

windows7-x64

3

04bbbaf0d0...25.exe

windows10-2004-x64

3

1139a9099f...64.exe

windows7-x64

3

1139a9099f...64.exe

windows10-2004-x64

3

114a8c03ee...39.doc

windows7-x64

4

114a8c03ee...39.doc

windows10-2004-x64

1

19911c6865...fc.exe

windows7-x64

19911c6865...fc.exe

windows10-2004-x64

2299ff9c7e...6.docx

windows7-x64

4

2299ff9c7e...6.docx

windows10-2004-x64

1

2b79b44b0f...07.dll

windows7-x64

5

2b79b44b0f...07.dll

windows10-2004-x64

5

2c6638998f...2a.xls

windows7-x64

3

2c6638998f...2a.xls

windows10-2004-x64

1

35352a7ac7...ce.exe

windows7-x64

35352a7ac7...ce.exe

windows10-2004-x64

3792408618...3f.xls

windows7-x64

3

3792408618...3f.xls

windows10-2004-x64

1

3b0fd96950...ea.dll

windows7-x64

5

3b0fd96950...ea.dll

windows10-2004-x64

5

4078c6d0ff...f7.lnk

windows7-x64

3

4078c6d0ff...f7.lnk

windows10-2004-x64

7

428f4ed31c...99.dll

windows7-x64

1

428f4ed31c...99.dll

windows10-2004-x64

1

4c27f9a78c...04.ps1

windows7-x64

3

4c27f9a78c...04.ps1

windows10-2004-x64

3

4d9f557790...24.exe

windows7-x64

7

4d9f557790...24.exe

windows10-2004-x64

7

4f7848518a...6d.doc

windows7-x64

3

4f7848518a...6d.doc

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    NewCompressedzippedFolder.zip

  • Size

    5.4MB

  • Sample

    241021-wwl2vssejm

  • MD5

    33998e72176fd7f512b5470c17c31c32

  • SHA1

    925f5e06b634febb4bce82ae1aedad8f6864174a

  • SHA256

    088b9bcf49b2a7e6550cd861266eda50941f892c691a248d353c885a29aaa433

  • SHA512

    cf98bf8cc682848c858adeb754432e491d04f7215253b14182f16f9e980df4ae0d27756fc64b55ad0b556f1353df4e77e36d5b59306d899db46a73cedc6cd0d3

  • SSDEEP

    98304:1h9qibnI5jcXToN6IvbcRhqIf79Qpqba4PQtfIhjYE5gGfIhj7r14NB3A6gXzgWc:tK5jT8IDcL5TVNhEEShXxBEQY

Score
10/10
njratdiscoveryexecutionmacromacro_on_actionupx

Malware Config

Targets

    • Target

      00ab8a1a2bfa99a92e0cacaaf1e7ca1af6c8cc0eab6f070f157ec9c2d7f03a51.doc

    • Size

      70KB

    • MD5

      bb3b12c048d389084c1312c081be971e

    • SHA1

      700d09077cca005d2c252feb8d164d633f3c7cf5

    • SHA256

      b4d6ccfafc44a19ac2a931a35c1d0ff1c56207f1d05f8de004a125709cca4a86

    • SHA512

      2769b487267a748187e8ac94f9d01ac0fa18b81faeaf926be2e409787d17e782a519db27a4ee2c33cef7e8bf6b141f3607ac13a345af7a5cc54a9ecaff4d1ae2

    • SSDEEP

      384:Jgt37iSdJ7UX/etr/q2TEEMCny3ZZl/7Odcg60j6bp/LjQI:m5Jgnu7iZjOKzrbO

    Score
    3/10
    discovery
    behavioral1behavioral2

    • Target

      04bbbaf0d059bb09a2e44a3dbadb391a2f5aab5bfef5718fa3e8198502d0eb25.exe

    • Size

      40KB

    • MD5

      772bab36a8d72dfb7940329b138b3f20

    • SHA1

      119297c7c4604b2326e66ece78dfb4a9c7326c2c

    • SHA256

      04bbbaf0d059bb09a2e44a3dbadb391a2f5aab5bfef5718fa3e8198502d0eb25

    • SHA512

      d774b824c4baead9f0c51d4339fa32bc7202ebadd6cb220fa13793a4a8821b55004a580d6d64c4fb28bee299c8e0521dbc3dec64e2fa0a35c3fb8372a006bb78

    • SSDEEP

      384:EDQwIkDfOM12vDMvkx8HzTmg52SEoRyDrQUhDMvksFDfOM1Q9DQw:eTI+fOM1iMsY1USEoirXpMsOfOM1QtT

    Score
    3/10
    discovery
    behavioral3behavioral4

    • Target

      1139a9099f0424b533a49c8bc4ac5d569e67db11ff5fd02c8552a3461db7ba64.exe

    • Size

      218KB

    • MD5

      34ce72f37968e0c1c1602fb64906b710

    • SHA1

      6e49684c0a01a838cfa726207310deed4d6496ac

    • SHA256

      1139a9099f0424b533a49c8bc4ac5d569e67db11ff5fd02c8552a3461db7ba64

    • SHA512

      65c551de12c05cc402d44a53adbcd1d0c635921863a18c540a8feeaec8d99a885d481e37fa232681d26a70edd52f73558cceb066076c472f407cdc07195bd9ff

    • SSDEEP

      3072:3NGrAG0BZ+BcvYIEPGlsCV5eu7JAvzW5W0Vuz5KJnB:8rIZ+BcQJOlVmSSzkJn

    Score
    3/10
    discovery
    behavioral5behavioral6

    • Target

      114a8c03ee9fb30f0094a49e0fcbab0596168697f3dbe0c15545dcaf57928139.doc

    • Size

      112KB

    • MD5

      ce7cd4efedf806cdf7ce8e105ac4d709

    • SHA1

      5e51ab412b24ba9340345f355062f10c4082b6d9

    • SHA256

      114a8c03ee9fb30f0094a49e0fcbab0596168697f3dbe0c15545dcaf57928139

    • SHA512

      dea7aaee858ef2d9a9125d2e690e99d687324a7c30eb8ce611ee6af95bb990a4108ee5231b9c6fe4a81d2b52832f52cda47778528534663322741aaa9cadf469

    • SSDEEP

      1536:0ELDLXMzefraRIoixfcvxGUZgPassBaWCxXJDD3f:0ELDLXMzeeDwfcvTZVsC

    Score
    4/10
    discovery
    behavioral7behavioral8

    • Target

      19911c686578bafabd45a1e491333f1e0bc5eac5f6b1db29aa913dfd3dd207fc.exe

    • Size

      528KB

    • MD5

      4089e8c986275ee4510af1033034b7e9

    • SHA1

      a5ee233382fe8e3c4813fd18b991650a444140cf

    • SHA256

      19911c686578bafabd45a1e491333f1e0bc5eac5f6b1db29aa913dfd3dd207fc

    • SHA512

      92bf34e21978a7043370556e62e1aee738b80d3abc27b77ac1669d7f53ed048ebe0b8c3d58f850b9ee7b14d84049c051b5dc3787cebe7b11742bbcbee19d2a7c

    • SSDEEP

      12288:cfAZfcahsQmOr+77a0oLt03RNkSAPGPx1JLg4D:cQK77NgG3IGPxH7

    Score
    1/10
    behavioral10behavioral9

    • Target

      2299ff9c7e5995333691f3e68373ebbb036aa619acd61cbea6c5210490699bb6.docx

    • Size

      212KB

    • MD5

      64a916779aff880848c06ce852b31cd7

    • SHA1

      5134390defe2051426f0e77be6b638ce9b1c2bcd

    • SHA256

      2f5246aacc1d8cbf159d08620a6cc50c5ff6764ea595d48447de38d99452f72b

    • SHA512

      0c45325323f7d928a000845b1cc1fa06d95bce16f0371fa76c322997226103563c3bffa458e9385b82d73acba591f4e4e8b78108344f1fa49e841735c2f6ac68

    • SSDEEP

      3072:AOY9VcEuVMPHZCvRiu5jLZbvXdm9MCbsoDb8AfXgq2qjwWFqwvE0zZ6lgKzzmI6:AF6iwvRJjNcsoDb1Yq2qjwivE0Nif

    Score
    4/10
    discovery
    behavioral11behavioral12

    • Target

      2b79b44b0f533dabe4d08cc0aed9139017ecf2571597ec816bdffbe8aea59107.dll

    • Size

      268KB

    • MD5

      02c5dc235a3815ae32649ec6dec8b63d

    • SHA1

      3a4ed8e57d02c8312147b13b6153ec50dc0258a8

    • SHA256

      2b79b44b0f533dabe4d08cc0aed9139017ecf2571597ec816bdffbe8aea59107

    • SHA512

      ec512f44389aa36013d4fc8ca052963d2ce41d2a759670c5e6a98710cf0e12cdb84f429e913571590b5ef25721c18d79ea6585e7cbc12aca70bcc4d870ba4c88

    • SSDEEP

      3072:0HDp7pRuKjsir5HZFQGrsUwF7hplPoutjgVp25skQ4qu/m1qocmjHwJ0fQh8cP:+RR5rhZFQGrsUwF7vlPoSM0Ou8JcUQ9P

    Score
    5/10
    discoveryupx

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral13behavioral14

    • Target

      2c6638998faca3866c5a12d851381d37f2aebedb299c720ce4dffa09c5e1e52a.xlsx

    • Size

      47KB

    • MD5

      f3f09fe500641b53376cbda5449a693f

    • SHA1

      83ea735e83004d74e960d496f540d3e70731222c

    • SHA256

      2c6638998faca3866c5a12d851381d37f2aebedb299c720ce4dffa09c5e1e52a

    • SHA512

      2e03f3547c0a212b3905549ddb397246aa21f3edecefc83f10d5232c91ea1fc0d4e5d5aa9e7705236f4a0b6d7373e64ac2f4c5424829136d1ca63eaa4d1b21da

    • SSDEEP

      768:mI88aOO/SfOT+XPACr1D30jw+c+MhyCmwyaIDOVc5:hO/SWT+XPlD30jsVeN1D

    Score
    3/10
    discovery
    behavioral15behavioral16

    • Target

      35352a7ac72a7962744268c134b1aacaba3eccd700e5c1378b4c13cf08d353ce.exe

    • Size

      257KB

    • MD5

      8b1b95033da018f8437575172247ee2e

    • SHA1

      28ce674b5f9de2714d461b71f24f9ca472ae64e2

    • SHA256

      35352a7ac72a7962744268c134b1aacaba3eccd700e5c1378b4c13cf08d353ce

    • SHA512

      0416cf6dc5144b8c27f3de3a606892fac978cbde5c16fb608d53a9cddbf4c0366d11900f970fa2d4cda444903d84e71935db7dbb1d8dc5bc2384c91590254141

    • SSDEEP

      3072:djxmgIq6rO8+T/hRVcIho5qNC5S3FhMMZIs:djx3Iq6rOhT/7VcIhUqZPMMZIs

    Score
    1/10
    behavioral17behavioral18

    • Target

      3792408618099db73b654704b12c9520d3267c37e50bf9718c2877ec2e65133f.xlsx

    • Size

      126KB

    • MD5

      a213aa183eb3b0a18b042b197ab86d09

    • SHA1

      bd436b7b38d939c41f88332266e8828374297a70

    • SHA256

      3792408618099db73b654704b12c9520d3267c37e50bf9718c2877ec2e65133f

    • SHA512

      1ab8b5daf1e1a5e94b6ee89f8bdc05d3a30770d580c589cfd78a8456dec2c674b921f336609c0bc52b733f0079369294018b617ad67ec9b07b52c1080c210160

    • SSDEEP

      3072:JCZ+RwPONXoRjDhIcp0fDlaGGx+cLYWxbZZD6tu4vsu:wZ+RwPONXoRjDhIcp0fDlavx+WYWxt9Y

    Score
    3/10
    discovery
    behavioral19behavioral20

    • Target

      3b0fd96950336e30d3586c719ad802d89668276fbc7d7209c8d8bf4e59eb6bea.dll

    • Size

      829KB

    • MD5

      83f78dadf8c363ca7d74baf9e818e8dd

    • SHA1

      3ede8634b392d27e0bf8d19c2ce9113d407bf231

    • SHA256

      3b0fd96950336e30d3586c719ad802d89668276fbc7d7209c8d8bf4e59eb6bea

    • SHA512

      b6b939992d2d6508c5c98ee21e0947b6c290b716df86f3fe4700f9d8d17a12b3516e4bd65d1545ce5dde6528c9575f0d77885a05e0c7fa81d514657be8563c87

    • SSDEEP

      12288:+R5nWFpPoSxgiXiMhr14hBb0QwlPImIyGLj5cExVbR7XPTjx8Gd:VboiX914hBilP4yGikVVXnbd

    Score
    5/10
    discoveryupx

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral21behavioral22

    • Target

      4078c6d0ff9e7acc63c49589d0bc171ce3f2c913bee1bb7bf972e9068f8759f7.lnk

    • Size

      1KB

    • MD5

      eeb472b4565d63a5204a0ee321871a2e

    • SHA1

      13e65f54a70261546435b07ec0e81b9d9557971f

    • SHA256

      4078c6d0ff9e7acc63c49589d0bc171ce3f2c913bee1bb7bf972e9068f8759f7

    • SHA512

      67a2255532441c832d3da7c13bcbc26680502ab287352ff954d071809b44718b8488af895ff13c1708593c1761cec9f0a1018a9866f791dd469e48cb5e5ac271

    Score
    7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral23behavioral24

    • Target

      428f4ed31c02b75f45bb328fd1d8e207a1160a02f1b77f17b30098c4d1cb0299.exe

    • Size

      113KB

    • MD5

      3dbd5cf69eb8c9dfbfeb8bf6795c4b69

    • SHA1

      dd1197951509e3da053e1d6ba9e0df6bc6ea6e81

    • SHA256

      428f4ed31c02b75f45bb328fd1d8e207a1160a02f1b77f17b30098c4d1cb0299

    • SHA512

      532ebf2d3eac0ce66dd91d6c456de81b245101102107e758ecc5bb653d3fab4530309619da1905add3aa801e52097d6323cda253e8b0c71e5e1495d69966139d

    • SSDEEP

      1536:vBnBkZq7VSfZUKY4z703inSHriKiLDppSPzSHaMDwRsDUFvW6D/k6Kxnks1o3hWK:fVVSf6KY33inSHry0sDUFvWD6KFK

    Score
    1/10
    behavioral25behavioral26

    • Target

      4c27f9a78ca18364a6a42b5c61f94442782afef7fcc6a1cdfa9efc09b514cd04.ps1

    • Size

      52B

    • MD5

      d72a9b9019e5e3fa7d37a52411070dc8

    • SHA1

      1eacca1b268d1e80531a53b7fdfdb0024a511963

    • SHA256

      4c27f9a78ca18364a6a42b5c61f94442782afef7fcc6a1cdfa9efc09b514cd04

    • SHA512

      3174c8bb847abcd208a7e546688baf908b717d9b98591acc6075f9521d1761074b0038bd1f15fdc86a90dbe2ae2c1788e72f5b3a2ecf053e70080311026dcd60

    Score
    3/10
    execution
    behavioral27behavioral28

    • Target

      4d9f557790e63bccbca6fbc20a47661e15869004db64412196b8756025ea1f24.exe

    • Size

      838KB

    • MD5

      522d521510528c983e23e85d7ae5e88c

    • SHA1

      f585eda5e0b95d958c0739d52c056aa946211848

    • SHA256

      4d9f557790e63bccbca6fbc20a47661e15869004db64412196b8756025ea1f24

    • SHA512

      a80949895e22e6d7a807eef1135a1051e98ddcbd729676eceaa37f8e761dabb0c06e0c4ece352ea3be8e4f8c5ae0f90094e01a96579acf19a4918ed87114a5fe

    • SSDEEP

      24576:keODPIzgOiCVHfUro6fVnho8ekrnupJn9R4D3ii:kRAQYMo6fV7nupR9Gn

    Score
    7/10
    discovery

    • Loads dropped DLL

    behavioral29behavioral30

    • Target

      4f7848518acd8847a6fc4f87ca7a20ef502641426ae1bb1353df989a8edc076d.doc

    • Size

      93KB

    • MD5

      185a52380dd4165144fe2dd72558355a

    • SHA1

      7f5af7f302780d7cfb103c2bdaecec68ca5f215a

    • SHA256

      c18b0d8b31d356019772f6881cc209764a5c46e14288d62af862d45609b5de9e

    • SHA512

      4d5cd9addcf298e923bfe1afcf0e4e210879fbfc3964eb206a775ccbc0bfd070e547b3e6051d69d56efacc767db7a6718aff1bb9788bf21c3f974786e50024f9

    • SSDEEP

      768:0MJgKNEGg47XzDCAUdO7nKj3bSP1EZJ0i1y4xYko38Phe2R4DcODyZedB6UBj:mKNEG1W+nJ94J0HrmR4AOm8dpZ

    Score
    3/10
    discovery
    behavioral31behavioral32

MITRE ATT&CK Enterprise v15

Tasks

static1

macromacro_on_actionupxnjrat
Score
10/10

behavioral1

discovery
Score
3/10

behavioral2

Score
1/10

behavioral3

discovery
Score
3/10

behavioral4

discovery
Score
3/10

behavioral5

discovery
Score
3/10

behavioral6

discovery
Score
3/10

behavioral7

discovery
Score
4/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

discovery
Score
4/10

behavioral12

Score
1/10

behavioral13

discoveryupx
Score
5/10

behavioral14

discoveryupx
Score
5/10

behavioral15

discovery
Score
3/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

discovery
Score
3/10

behavioral20

Score
1/10

behavioral21

discoveryupx
Score
5/10

behavioral22

discoveryupx
Score
5/10

behavioral23

Score
3/10

behavioral24

Score
7/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

execution
Score
3/10

behavioral28

execution
Score
3/10

behavioral29

discovery
Score
7/10

behavioral30

discovery
Score
7/10

behavioral31

discovery
Score
3/10

behavioral32

Score
1/10