General

  • Target

    d60774d9cc7de1ca2e9885c046b783afe88a5a42aae74c71cf48b145fe0fad82

  • Size

    15.8MB

  • Sample

    241111-rlf1mszhpd

  • MD5

    4fafaa256dd55735abfbd2538e14bbf7

  • SHA1

    bb255ee68faea97a42179d575be8b5abc6a282b5

  • SHA256

    d60774d9cc7de1ca2e9885c046b783afe88a5a42aae74c71cf48b145fe0fad82

  • SHA512

    dccd0781f7f17b400ccacdaaca94694d5d59865ac777706056f24ada942947136bb0d73a91c9e928df547f9765edc9af53895ed20cd577bf5e5afdea322e29ea

  • SSDEEP

    393216:OZMa2/10o5vPN0KbNbdt2gJeEdGSMLwlh8tm7dYdZGyet:OZMa2X5DbTZ3d5WgbKjc

Malware Config

Targets

    • Target

      MADARA Patch/MADARA.exe

    • Size

      721KB

    • MD5

      99e426c96c1a22c80e253b668fd0ffcd

    • SHA1

      bf3d4d45c9e2338047ea5284b319143def3829b9

    • SHA256

      5978bd2ca99c60e882ecab317428b78f481df38ac6f482dd27f167dd713018ca

    • SHA512

      776cfa14f459ab856d8d1ad42a6ffe790e7344c6ffe16421d4a4576ce4bcd8aa0919ff0af2234bf10a645dc2f1647a7833b28b1f161c21e542e6a4a5782d3733

    • SSDEEP

      12288:xh1Lk70TnvjcDia3KTc0Kr4ZEWFXgeeMBhrkt9qshg49jO332ktNlN4kkXcl:tk70Trc/SKrYQee8hreqQd633vr7aXcl

    Score
    3/10
    • Target

      tick_win_setup_release_x64_6001.exe

    • Size

      15.9MB

    • MD5

      b975591580294c862fe02d31cb3b1c42

    • SHA1

      fcc9665970ea2bb48d6bceff1fee87a88d665b44

    • SHA256

      b9fb296344d4d6cf5e84b2ecff8057a50ada720eac02a03101cd89ffb19e9aff

    • SHA512

      f3d71472a4e5ee7827932a99df26d988552c922c0f7787e4a98373820aad651e328e0cae29366d4768e90ab0a3d5a1f72ba406bf5830d7cb93a609430c3419ee

    • SSDEEP

      393216:Xkkrj0UBdhXgkhx7Tz2mvGavMWm5IHbaREX56f1Awg:XkkhBx7nJ/v7eSJMh

    • Drops startup file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Target

      知软博客 _ 免费分享软件、模板、技术教程的网站.url (filename translates to "Zhiruan Blog _ a site that shares free software, templates and technical tutorials.url")

    • Size

      109B

    • MD5

      ac3c4afed54589efd3b3aeefcd5accfa

    • SHA1

      d27e71153592c3cc0a37431deea12fcc5a1cafef

    • SHA256

      eaad9df71149e87f5c9658f8d739aea43add7f76b590ab801bb6309aecca48ba

    • SHA512

      97c0f102296442db3d8f5737c81a33bf9ed1cf5eb575f2bbf8a0fc03e9ccbb4077419ab5ca85a0b189474b22067e7320e973d3aa51806a415d343530162f6d54

    Score
    1/10
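The two behaviours flagged above for tick_win_setup_release_x64_6001.exe, the registry country-code lookup and Component Object Model hijacking, are the kind a responder would want to confirm on an affected host. The script below is an added example, not part of this report and not code from the sample: it parses a constructed .reg-style registry export (embedded inline; every path and CLSID in it is made up) and flags HKCU\Software\Classes\CLSID\{...}\InprocServer32 entries that either shadow an HKLM registration of the same CLSID or point to a user-writable location, and it reads the HKCU\Control Panel\International\Geo\Nation value that a geofence check would consult. The registry key paths are the standard Windows ones; the "user-writable path" heuristic is an assumption chosen for illustration.

```python
import re

# Constructed .reg-style export for demonstration. Nothing here comes from the
# analysed sample: the CLSIDs, file paths and country code are invented.
SAMPLE_REG = r"""
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AAAAAAAA-1111-2222-3333-444444444444}\InprocServer32]
@="C:\\Windows\\System32\\shell32.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{AAAAAAAA-1111-2222-3333-444444444444}\InprocServer32]
@="C:\\Users\\victim\\AppData\\Roaming\\Updater\\helper.dll"
"ThreadingModel"="Apartment"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{BBBBBBBB-1111-2222-3333-444444444444}\InprocServer32]
@="C:\\Program Files\\Vendor\\ok.dll"

[HKEY_CURRENT_USER\Control Panel\International\Geo]
"Nation"="45"
"""

HEADER_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
# Per-user COM server registration; HKCU entries win over HKLM in the merged HKCR view.
CLSID_RE = re.compile(
    r"^HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\(\{[0-9A-Fa-f-]+\})\\InprocServer32$", re.I)
# Heuristic (assumption): directories a normal user can write to.
USER_WRITABLE_RE = re.compile(r"\\(users|appdata|temp|programdata)\\", re.I)


def _unquote(s):
    """Strip surrounding quotes and undo .reg backslash escapes (\\\\ -> \\, \\" -> ")."""
    s = s.strip()
    if len(s) >= 2 and s[0] == '"' and s[-1] == '"':
        s = s[1:-1]
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text):
    """Parse a .reg export into {key: {value_name: value}}; '@' is the default value."""
    reg, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        m = HEADER_RE.match(line)
        if m:
            current = m.group(1)
            reg.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = "@" if m.group(1) == "@" else _unquote(m.group(1))
            reg[current][name] = _unquote(m.group(2))
    return reg


def lookup(reg, key):
    """Case-insensitive key lookup (registry key names are case-insensitive)."""
    wanted = key.lower()
    for k, v in reg.items():
        if k.lower() == wanted:
            return v
    return None


def find_com_hijacks(reg):
    """Return HKCU InprocServer32 registrations that look like COM hijacks."""
    findings = []
    for key, values in reg.items():
        m = CLSID_RE.match(key)
        if not m or "@" not in values:
            continue
        clsid, path = m.group(1), values["@"]
        reasons = []
        hklm_key = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\" + clsid + "\\InprocServer32"
        if lookup(reg, hklm_key) is not None:
            reasons.append("shadows HKLM")          # per-user entry overrides a machine-wide one
        if USER_WRITABLE_RE.search(path) or not re.match(r"^[A-Za-z]:\\", path):
            reasons.append("user-writable path")    # DLL lives where the user (or malware) can write
        if reasons:
            findings.append({"clsid": clsid, "path": path, "reasons": reasons})
    return findings


def geo_nation(reg):
    """Country code a geofence check would read (HKCU\\Control Panel\\International\\Geo\\Nation)."""
    values = lookup(reg, "HKEY_CURRENT_USER\\Control Panel\\International\\Geo")
    return None if values is None else values.get("Nation")


if __name__ == "__main__":
    parsed = parse_reg(SAMPLE_REG)
    print("Geo\\Nation =", geo_nation(parsed))
    for hit in find_com_hijacks(parsed):
        print(hit["clsid"], "->", hit["path"], "|", ", ".join(hit["reasons"]))
```

Only the first HKCU CLSID is reported: it both overrides an HKLM registration and points into the user's profile, while the second is a per-user registration with no HKLM counterpart and a Program Files path, which is what legitimate per-user COM servers look like. On a live host the same logic applies to output from `reg export HKCU\Software\Classes\CLSID` and `reg export HKLM\SOFTWARE\Classes\CLSID`.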

MITRE ATT&CK Enterprise v15

Tasks