General
-
Target
a33bf755d49373160c54ca9d13df9fd2e5efbe0f86d22a208d9687790fe00ed4.zip
-
Size
2KB
-
Sample
241026-cvefvayaqe
-
MD5
4879961cca2baed6d149c25fa946a98a
-
SHA1
33dd06d389c04dc0e86dadf1cf77739b974fe7c5
-
SHA256
a33bf755d49373160c54ca9d13df9fd2e5efbe0f86d22a208d9687790fe00ed4
-
SHA512
a9c8b4db8fe7873cd04959aa21050492bf4b8fcbc0f199e72a8870cb68976a2157884d02e107f84ab7e8724097e4036329e38f7dbf99f372e7ce885904bbff37
Static task
static1
Behavioral task
behavioral1
Sample
A/3rd_cc_form_Oct_2024.pdf.lnk
Resource
win7-20241023-en
Behavioral task
behavioral2
Sample
A/3rd_cc_form_Oct_2024.pdf.lnk
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
A/Agreement for YouTube cooperation.pdf.lnk
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
A/Agreement for YouTube cooperation.pdf.lnk
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
A/Instruction_1928.pdf.lnk
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
A/Instruction_1928.pdf.lnk
Resource
win10v2004-20241007-en
Malware Config
Extracted
https://urban-trek.shop/api/uz/0547131764/Linipute.json
Extracted
https://ctu.timeless-tales.shop/api/uz/0912545164/CharcoalWharf.json
Extracted
https://ftp.timeless-tales.shop/api/reg/Panto
Targets
-
-
Target
A/3rd_cc_form_Oct_2024.pdf.lnk
-
Size
1KB
-
MD5
d53df33a543f82f01cd65a969c026f0c
-
SHA1
92b8d55b4dccdcdfc076e08dc10e8f878075a4f7
-
SHA256
a1d7f4bc74b920f6ea79f7d3ed3ac9c544401605688fc968cc27e1a62b9482f6
-
SHA512
a4b62d3d7d9a1f251c6f2fc1eecec006cd32ed5f206990c84c0f1e3ebb6e86564c5042412c6b329e2a6d44bd2232a89add3db92703e3c779110f83105ea0c49e
Score10/10-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Indirect Command Execution
Adversaries may abuse utilities that allow for command execution to bypass security restrictions that limit the use of command-line interpreters.
-
-
-
Target
A/Agreement for YouTube cooperation.pdf.lnk
-
Size
1KB
-
MD5
90de1044962e092ea916ae08649227ba
-
SHA1
a2fafd3d9e2b224205d6a3ae529416d33be68b2e
-
SHA256
8ea35c2bfdf4cad1197abadd19f4f0e09579afcfdb32abc7e71bb5818c6d3ba6
-
SHA512
1b2d37a8615904f074def78a06dbed15d38dc455eb5a715002a5e93c28520154f506d7ea6f150e915ca1bda0564d358635314e9022a170efee2ada168ff19890
Score10/10-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Indirect Command Execution
Adversaries may abuse utilities that allow for command execution to bypass security restrictions that limit the use of command-line interpreters.
-
-
-
Target
A/Instruction_1928.pdf.lnk
-
Size
2KB
-
MD5
b874532b90be5bd56eca4b28951f2f76
-
SHA1
0356abd795c63a10cad9383a767687c92fc1b5f8
-
SHA256
92216ebdd28ee3a886e296fd4ef8c5341b8c9dba8f1d1c498db62c95efc97262
-
SHA512
036d26c62b65af38075842642708cf3e3f8eaef05025a7b3449d39e2f15c09a80cfd79ddf411c6d6d1aadd7fca4a462c4f86b5f1375166928457b759822586d3
Score10/10-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Indirect Command Execution
Adversaries may abuse utilities that allow for command execution to bypass security restrictions that limit the use of command-line interpreters.
-