Overview

overview

7

Static

static

3

54 45 53 5...22.exe

windows10-2004-x64

3

54 45 53 5...22.exe

windows11-21h2-x64

7

54 45 53 5...ns.txt

windows10-2004-x64

1

54 45 53 5...ns.txt

windows11-21h2-x64

3

54 45 53 5...86.exe

windows10-2004-x64

7

54 45 53 5...86.exe

windows11-21h2-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    error422.zip

  • Size

    203.3MB

  • Sample

    241204-3pykmsxlbs

  • MD5

    0cfd935f8fcbedadbee6457ba20d6690

  • SHA1

    bb866ee339b0d77b78348e67877b1610338e7adc

  • SHA256

    5da1ed1fa59fe6b26615347b83820e693f2a8eec1c95c05bd3f5d9e12b00cd3a

  • SHA512

    d930b9a140cf25eff991aa7d375de986eea5f1a94bc31fa94cad77ac212f62de4e10e85c0da4b98a330b06f9bdc083bf4a1002d35248cbb9b9b5dd7aef1f2f60

  • SSDEEP

    6291456:LBruI9iSD/RcG2Oxy0yERVDVzuSfnaxd1q3w4ZwIOhjIgl:9ruIJDmGngiDbvoPq37Zmhtl

Score
7/10
discoverymotwphishing

Malware Config

Targets

    • Target

      54 45 53 54/ERROR422.exe

    • Size

      8.0MB

    • MD5

      7b01e76578486d44bbafb0d51381820e

    • SHA1

      0daa6b605200bf6fabd7a08f7de4c1eac4fd12d9

    • SHA256

      7765f79269ebad7f33a0dc8d18360f5adf9464660f2259f9961cad0aa2f94bbd

    • SHA512

      0c6d84c197713b3c8ab12bf23e1d6d828eca1cf7e11a047de0856046974abb2e297899c8a3c445a206c80fc963919a3cecaf8b5c336a349b821eb1df013a7c92

    • SSDEEP

      196608:GiF+hNQl6gsLxL8QpNpKyro8thPVNadB:oC0bx5pTKs1JadB

    Score
    7/10
    discoverymotwphishing

    • A potential corporate email address has been identified in the URL: =@L

      phishing

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Mark of the Web detected: This indicates that the page was originally saved or cloned.

      phishingmotw
    behavioral1behavioral2

    • Target

      54 45 53 54/Instructions.txt

    • Size

      65B

    • MD5

      5a7d6490583357f2cc06f77bc4532bac

    • SHA1

      5bbc4fbff7d3fa21fec1d3e74cc5df9738b52c8b

    • SHA256

      b592edc481a96b315de980bc81bea6f6727ab18d5cbd79683bb3aa6ef2a8c68a

    • SHA512

      acd31e3c17ffb60d21d4099de30c529df82a0194899771b3154cf370ef5b585983f9c54be9cd084910b47272c4ea1bf033396e936eb2af6ef6551172182dcb19

    Score
    3/10
    behavioral3behavioral4

    • Target

      54 45 53 54/jdk-8u191-windows-i586.exe

    • Size

      197.3MB

    • MD5

      50cfd28a3a3243bc5e9be096a3b9fd97

    • SHA1

      bc8f26edb5d1b6d93459405da76bc52c9b882e69

    • SHA256

      a92fce986622e9846b93e396a7eda6214e7f7ea90860794c934f423c10813622

    • SHA512

      859e7cc427a5ea990dd3b5301d0bb68aceac9b32f62363d5d21ed90ad45a7a7912d201dc276786bfcfb18a8683776623c7b78c4ad06c4f8002033bfaa6e8855e

    • SSDEEP

      6291456:TRcAp+FfSMhbAOo8ZycQv15tZ8YpG+sdjjceHAk8iaKmh:TRcAp4SWAURo5MAHojjjHEiaT

    Score
    7/10
    discovery

    • Executes dropped EXE

    • Loads dropped DLL

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral5behavioral6

MITRE ATT&CK Enterprise v15

Tasks