0d2550dd62ff770b199e1843e64d433c426fc7412c2602956b56567fd41806c4 | Triage

Sharing

General

Target

0d2550dd62ff770b199e1843e64d433c426fc7412c2602956b56567fd41806c4
Size

10.1MB
Sample

241121-lc29mavpgn
MD5

08513189b1b99c2857c65c7c69c0dca6
SHA1

a27868732844fb895c7a63b6809209b6c819b883
SHA256

0d2550dd62ff770b199e1843e64d433c426fc7412c2602956b56567fd41806c4
SHA512

683688fa38fa59bf20c935a8ba630343ac8e72702105c5d8c470ab6bc51afc919260e2fb8397edf414a9c26764c8b7372fdaf29376f343790deffebf24d6acbd
SSDEEP

196608:EB0b73DDzMCuVrNoHxM+lYxDTdqjdKRGKNW8io4xZxsm68jdQ0czPUnWr:E6b7Tn9uVrNJPxVqZKR485IsojZc7UA

Score

4^/10

discovery

Malware Config

Targets

- Target
  
  安天/审核通过/0day-农业机械试验鉴定信息化服务平台未授权文件上传导致g_152852_L_72597_pgLU7yfz.docx
- Size
  
  9KB
- MD5
  
  4c0a9789a5128f2887bd10e79f81df7d
- SHA1
  
  8909a1829d0b116926983287aa3ac810ddef334b
- SHA256
  
  19f7544c27958c0246defd00b529786908832c879fcef9ae939a08fd278d1119
- SHA512
  
  960baffc090f91e64bc2696aec10005b9d165688ebc7e32a893fa8b0cd400088108089f3f9541595666fcaff00492b285459e7c8b8f9b3d2f4a25d218d93b92e
- SSDEEP
  
  192:ERFh24tVMKnefmU1PVhsXuTeXzG80U2tv1ONf7rxxSH5uDYzjjmXMAlRam7wKWj2:ERFcsGu+vRDWCy/Z2V1OZJkZu4jMvnai
Score

4^/10

discovery
behavioral1 behavioral2
- Target
  
  安天/审核通过/0day-农产品质量安全监管网未授权文件上传导致getshe_145943_L_72597_LUmJhmYr.docx
- Size
  
  9KB
- MD5
  
  20689fe95a6a11c49b22fe1d66fc21b3
- SHA1
  
  e0e6daa1a4a7ab7ca0c7c5b7943653db69a8307f
- SHA256
  
  26f69d0c666364c663cfb51289260170ef9cff870ec4fbf3df9a9902693ac9af
- SHA512
  
  60ea366ac16e2ee622f08de2b372a960f76604e682248fb2b93a69d11523ff3ba2a9ed92252e0124962e7b4a80153576acb7db8784c70f3e87ba8dff750bf3e6
- SSDEEP
  
  192:ERFh24tVMKnefmU1PVhsXuTeXzG80U2tv1Xd8y6f7rxxSH5uDYzjjmXMAlRam7wQ:ERFcsGu+vRDWCy/Z2V1XdnWJkZu4jMvr
Score

4^/10

discovery
behavioral3 behavioral4
- Target
  
  安天/审核通过/人大信访系统绕过登录后台文件上传导致getshell漏洞_142937_L_72597_2Dw9vBqw.docx
- Size
  
  9KB
- MD5
  
  cc8fc32fde64854516c96d15c208b36c
- SHA1
  
  9f92eda406c184eb8fd97e47ea4b5edacb174621
- SHA256
  
  2b7c2b82fd1a66e6fe34dc9c5cd234048bd4ddc7907871ad32f18f1db7cafac1
- SHA512
  
  17c227c0f4b058aa821a17eaa978c5ba4c1cfe4d62e1bed96dbb5b490c78a0a1e29fb8cbf6cb15fab9c9772ffc0d26127494a85774b91e3af03c581e9e91c3cb
- SSDEEP
  
  192:ERFh24tVMKnefmU1PVhsXuTeXzG80U2tv1nmUk86DUf7rxxSH5uDYzjjmXMAlRaB:ERFcsGu+vRDWCy/Z2V1nxk86DkJkZu4r
Score

4^/10

discovery
behavioral5 behavioral6
- Target
  
  安天/附件/0day-农业机械试验鉴定信息化服务平台未授权文件上传导致g_152852_L_72597_pgLU7yfz_0day-农业机械试验鉴定信息化服务平台未授权文件上传导致getshell漏洞.docx
- Size
  
  796KB
- MD5
  
  12c8ffb09ffda4131736a31590a908be
- SHA1
  
  bcd8f8fe343e4dfb9e20bfc0d355f173b54a7084
- SHA256
  
  981b12e42592d1032515a60cb5a846168a1958f712d39d4c430a3bb3f3336ac5
- SHA512
  
  3425174cf95ba6b20e8e6678bd6d919f324b3c98b5ed2f895b9fbd1acd165ab79ce760ea39ff895cbe8d33e518a1abfef9e8bf695355724e5ada43298b21f9c9
- SSDEEP
  
  12288:yeinWFlybY1c3N1v1r6ZwWrSnaIepad6kRSg5S/lH1V7bFuIEdsH5DiQTM6jwdtg:onWgY2ddkSaIhEgMh1V7bFuHeH5rlWg
Score

4^/10

discovery
behavioral7 behavioral8
- Target
  
  安天/附件/0day-农产品质量安全监管网未授权文件上传导致getshe_145943_L_72597_LUmJhmYr_0day-农产品质量安全监管网未授权文件上传导致getshell.docx
- Size
  
  1.5MB
- MD5
  
  9d486aa1898afd01cf3b83a6c1b4c6d5
- SHA1
  
  d39ce139ef34968b8f18048d027ff5ff20a6b807
- SHA256
  
  5e27f52ef1d1e9f3d542b131f8d2bf43517e26860768f01e99696bd2be3efd21
- SHA512
  
  17b8a012c44873f6a0a2301f8a4364e4deb90cd9c633301d07e79b473e831a9d697eaf896794571e4b6d49ac63bc34bf28dc8ce63109b9855c7c3ad393def16b
- SSDEEP
  
  24576:ngCryfMNGORAGLnG2HADDSOVROMrbjZ5v7Nz1g14NYENs+TFwzhBeO:ngCryfMSi3HADDTOunXxKeO
Score

4^/10

discovery
behavioral10 behavioral9
- Target
  
  安天/附件/人大信访系统绕过登录后台文件上传导致getshell漏洞_142937_L_72597_2Dw9vBqw_0day省人大.docx
- Size
  
  1.7MB
- MD5
  
  f8151912223b907f334bacb0ad8db3c5
- SHA1
  
  955dca6f5cac7d4bb7d2149a8ef892c73b2f7d97
- SHA256
  
  2ff71883086944d037a74ce1e4773dd8d5467b7d42b76dc46955bad0f0e720d6
- SHA512
  
  0a7f6ed8e96e7ab9064beea97672b16062febb05284b11c776dec252533c6d0b8a0ddc161a39e7481f9d832d4a0e2d2a9a7b68cffecb313783ed26873968a1b4
- SSDEEP
  
  49152:skvPigQZ5wCRGAqH99xfE1Ipie4kfXbRGfEOgOyYa:sk3OZVRGnH99xkPMXb0t8n
Score

4^/10

discovery
behavioral11 behavioral12
- Target
  
  秦易黑霾实验室/审核通过/陕西省政府门户网站0day_155206_L_72597_sXuAgKBe.docx
- Size
  
  10KB
- MD5
  
  55f154891f089b87ac6196b981890465
- SHA1
  
  b783f17f1cc335fd0ebabae9f165b56df1469746
- SHA256
  
  cc7a7f3ee382617cc0db80eda0d7e65b003466f45bc5a3d3a6e3f06d8d688bfd
- SHA512
  
  6f97890a69fa539d6eab17b2026ae1287e2de8e9f4e8174358eac23a65a861437e9f4f2364d9b1f754c99e37cf67beba61263ff27016eb21c1ff221f4a2933ae
- SSDEEP
  
  192:ERFh24tVMKnefmU1PVhsXuTeXzG80U2tv1ACGKJEqS8Wf7rxxSH5uDYzjjmXMAlM:ERFcsGu+vRDWCy/Z2V1/dOqdCJkZu4jN
Score

4^/10

discovery
behavioral13 behavioral14
- Target
  
  秦易黑霾实验室/附件/陕西省政府门户网站0day_155206_L_72597_sXuAgKBe_政府门户网站注入0day.docx
- Size
  
  3.1MB
- MD5
  
  1a59ac27639579dcc14e660c0520ae7d
- SHA1
  
  4b298b1308bf700e012fdbd7192d5fc9208cb87b
- SHA256
  
  cb74225fb549ac463b57a5d05b83bffb3529d890200fea8ee643e2168b8280f8
- SHA512
  
  aff30d266aa904c204ad2b775e0fb82371dc11603b170ce5b476ac3860d8dfd9fec21e298a14a070156f5f3608103d2185c16be7c4ab19b61f8a882c075d8416
- SSDEEP
  
  98304:gbIvijEMy1Fm8hjurVrMDydwLjxQeeEZum/+DIIFY4pmF:gE2mm3VrMDydwLVQeEminFY4wF
Score

4^/10

discovery
behavioral15 behavioral16
- Target
  
  观宇战队/审核通过/全国消防综合业务平台通用0day_120132_L_72597_BWP32y3E.docx
- Size
  
  9KB
- MD5
  
  118410c9ce3d71d48291b251407ef88a
- SHA1
  
  5620f43e253abab8cb768bf0fa02a8a040d03684
- SHA256
  
  882286c0a46bc544a174a46e589a13810820ce660d52995ad8c9a564713691ee
- SHA512
  
  c2d6e2004988cb16a91d3ec721b3cca4ecbc20d411e2d6315fd2ff46c17dc9ce089a9800eaaa3607c7eeec8c04f0e55865e2601c59741d61c02934147bcf437c
- SSDEEP
  
  192:ERFh24tVMKnefmU1PVhsXuTeXzG80U2tv19+4JX4U5yf7rxxSH5uDYzjjmXMAlRW:ERFcsGu+vRDWCy/Z2V18VIOJkZu4jMvW
Score

4^/10

discovery
behavioral17 behavioral18
- Target
  
  观宇战队/附件/全国消防综合业务平台通用0day_120132_L_72597_BWP32y3E_全国消防综合业务平台通用0day.docx
- Size
  
  3.6MB
- MD5
  
  7142f810657a5fe170ca70d3bcf5070c
- SHA1
  
  895514a23697f76f46950cff632e3701e09b6dd5
- SHA256
  
  773b0a23c9c11c0f712ebf2f81e18138de4b9b926468b33c25fa62cf47f5f6b4
- SHA512
  
  670a0d359f5cc2dd65bca57d04597b787388804d071439fcd8b9179c567aba860ed411b4611e4057ab9aad6341167b9eabb72ee5b1727aa86d36731d9208df93
- SSDEEP
  
  98304:XSxmhY2lAbVxB4+F1uibrelAOpm19ZMXi:XSUYbZTF1uiPelAOpm1f
Score

4^/10

discovery
behavioral19 behavioral20

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20