Distribution of Malware via Resume/Copyright-Related Emails (Ransomware, Infostealer) - ASEC BLOG
Tags
| attack-pattern: | Malware - T1587.001 Malware - T1588.001 Screen Capture - T1513 Software - T1592.002 Screen Capture - T1113 Screen Capture |
Common Information
| Type | Value |
|---|---|
| UUID | f57fadbe-7d4a-4a65-9ec5-b03153d391d7 |
| Fingerprint | 9162be39adfd86df |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Feb. 25, 2021, 4 p.m. |
| Added to db | Sept. 11, 2022, 4:59 p.m. |
| Last updated | Nov. 17, 2024, 6:49 p.m. |
| Headline | Distribution of Malware via Resume/Copyright-Related Emails (Ransomware, Infostealer) |
| Title | Distribution of Malware via Resume/Copyright-Related Emails (Ransomware, Infostealer) - ASEC BLOG |
| Detected Hints/Tags/Attributes | 32/1/21 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://asec.ahnlab.com/en/20570/ |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 84 | airmail.cc |
|
| Details | Domain | 38 | ntdetect.com |
|
| Details | Domain | 1 | eastwest7070.at |
|
| Details | 1 | number].[vassago0213@airmail.cc |
||
| Details | File | 2 | using.exe |
|
| Details | File | 1 | violations.exe |
|
| Details | File | 351 | recycle.bin |
|
| Details | File | 120 | boot.ini |
|
| Details | File | 90 | bootfont.bin |
|
| Details | File | 38 | io.sys |
|
| Details | File | 4 | readme-warning.txt |
|
| Details | File | 196 | desktop.ini |
|
| Details | File | 1 | %appdata%\roaming\edgecp folder with filename microsoftedgecps.exe |
|
| Details | File | 101 | gate.php |
|
| Details | File | 31 | generic.c4 |
|
| Details | File | 27 | agent.c4 |
|
| Details | File | 7 | mdp.sys |
|
| Details | md5 | 1 | a44dd48695af7a64607ff464a194642f |
|
| Details | md5 | 1 | 5c02cb26de796b4eb98d860530e9b7b5 |
|
| Details | md5 | 1 | 69284ff2194fb4d10ff791a87d25e84d |
|
| Details | Url | 1 | http://eastwest7070.at/ps/gate.php |