d60c30dc0ac1933eb3a28a42b8c9aa8b381816d64217393adc2f06e3deddae39

Resubmissions

13-01-2025 00:12

250113-ahff9synck 8

15-08-2024 13:01

240815-p89v5asfla 10

Sharing

Copy URL

Twitter E-mail

General

Target

Documents.zip
Size

3.7MB
Sample

250113-ahff9synck
MD5

80c42af0016b3b7c249feda15f4d2cc2
SHA1

9cb356ad7d4a6b1157b0066466b6606218c5b5d1
SHA256

d60c30dc0ac1933eb3a28a42b8c9aa8b381816d64217393adc2f06e3deddae39
SHA512

98ace938565688472f0ef4e47a531d18eeed41025894c9a039c154c075344aaccb023aec40c7cc65b2ada8b3ad0d88ecb64bd0dbd0f304cea1f603fe0deca70a
SSDEEP

49152:PO5JIDWgbuK+YLbRy2OnukNoEZok1zE+kGDR9OTVOUQZVv61hG0Byx/tEsF07J4z:25qBh+rB/1ow/OTVOUQ2+xVE04J0Nwz+

Score

8^/10

Malware Config

Targets

- Target
  
  Documents.zip
- Size
  
  3.7MB
- MD5
  
  80c42af0016b3b7c249feda15f4d2cc2
- SHA1
  
  9cb356ad7d4a6b1157b0066466b6606218c5b5d1
- SHA256
  
  d60c30dc0ac1933eb3a28a42b8c9aa8b381816d64217393adc2f06e3deddae39
- SHA512
  
  98ace938565688472f0ef4e47a531d18eeed41025894c9a039c154c075344aaccb023aec40c7cc65b2ada8b3ad0d88ecb64bd0dbd0f304cea1f603fe0deca70a
- SSDEEP
  
  49152:PO5JIDWgbuK+YLbRy2OnukNoEZok1zE+kGDR9OTVOUQZVv61hG0Byx/tEsF07J4z:25qBh+rB/1ow/OTVOUQ2+xVE04J0Nwz+
Score

3^/10

discovery
behavioral1 behavioral10 behavioral2 behavioral3 behavioral4 behavioral5 behavioral6 behavioral7 behavioral8 behavioral9
- Target
  
  Ionic.Zip.Reduced.dll
- Size
  
  247KB
- MD5
  
  7c359500407dd393a276010ab778d5af
- SHA1
  
  4d63d669b73acaca3fc62ec263589acaaea91c0b
- SHA256
  
  a4009288982e4c30d22b544167f72db882e34f0fda7d4061b2c02c84688c0ed1
- SHA512
  
  88a25138d0a491e5ee27499206e05b8c501da0c73ad2b3e23d70e810a09bfc1b701817de7f22c9f0b9f81f90235fe5eeadd112773035a11f01706eac364b34bc
- SSDEEP
  
  3072:nrI52ReHNdAFnfPPShREuMPb9YlVVRxpop2i0KKCXrXSbS4KcMy8ZZL5QlcSCSLw:yNdA+Myl7TpNiWCL4EycZb4
Score

3^/10

discovery
behavioral11 behavioral12 behavioral13 behavioral14 behavioral15 behavioral16 behavioral17 behavioral18 behavioral19 behavioral20
- Target
  
  [Leakcloud.fun] Link Skipper.exe
- Size
  
  523.0MB
- MD5
  
  b928c8e9fbdea0d3d904df7a09955640
- SHA1
  
  3caec7a61590a0287d2c350da8439cf977f3ab7a
- SHA256
  
  1f1407140a7a550335d170429646438cef0d37ec51a6378ac08c132e9e7d8420
- SHA512
  
  7627815855b32eec15e358246f2764b517790afb7bdac6ada17ec3184c96397248f1ce1150d3efe54f779f0e290bb2d03b6124a6c6df2dd2c7cfadc0138a627a
- SSDEEP
  
  49152:XJED040Mm05vldXLyY4huQNuZo+rGlYnqRK7xPNH6Yjs1hm0zydRtmSH07JS44iE:XCX5soNvqRK7dqSdzmy4JMdaP67
Score

8^/10

execution discovery
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral21 behavioral22 behavioral23 behavioral24 behavioral25 behavioral26 behavioral27 behavioral28 behavioral29 behavioral30

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Network Configuration Discovery

T1016

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Command and Scripting Interpreter: PowerShell

Checks computer location settings

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30