f3de338bdde024a21dc1e987f41930a1b8ff9799adbab67f2345e8e648e81663 | Triage

Sharing

General

Target

FedexTrackingClearanceInformation_PDF.exe
Size

2.1MB
Sample

200707-hbgn8ra4f6
MD5

49ed9fd1bfe4e4d685f014084d3b11b4
SHA1

ad9aa4dedddcd8de2d2fab04344d8f26c165537d
SHA256

f3de338bdde024a21dc1e987f41930a1b8ff9799adbab67f2345e8e648e81663
SHA512

b3ec6eae21e84345c98162c79cdd5527b14524855e1d0b8f95e599ab49f47c51aca34965446d4b6a8c93217739a7bf7fa7de19e077ad117747ab29d030bf0466

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  FedexTrackingClearanceInformation_PDF.exe
- Size
  
  2.1MB
- MD5
  
  49ed9fd1bfe4e4d685f014084d3b11b4
- SHA1
  
  ad9aa4dedddcd8de2d2fab04344d8f26c165537d
- SHA256
  
  f3de338bdde024a21dc1e987f41930a1b8ff9799adbab67f2345e8e648e81663
- SHA512
  
  b3ec6eae21e84345c98162c79cdd5527b14524855e1d0b8f95e599ab49f47c51aca34965446d4b6a8c93217739a7bf7fa7de19e077ad117747ab29d030bf0466
Score

8^/10

persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run entry to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Web Service

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2