5f26ec6a89a14aedcee85883d41d5ca81a2ba2a7c99ec464abaa5bd63b6cbe1b | Triage

Sharing

General

Target

MV TBN CALL PORT FOR LOADING COAL_pdf.exe
Size

527KB
Sample

200713-hev3phxzjj
MD5

aa683fc072f3ae7d3746555ad0d2fa86
SHA1

6e3a1234cfc5658c9da297cba29d5869b7d48906
SHA256

5f26ec6a89a14aedcee85883d41d5ca81a2ba2a7c99ec464abaa5bd63b6cbe1b
SHA512

ca3733205d1606e6d981f89a6b312bfedc00e2195e947729108d0c0d32b75b6d9a7794e7a29663baee12d7a5e64c13ee588edf70274a9697081cbc6e7292b0dd

Score

6^/10

persistence

Malware Config

Targets

- Target
  
  MV TBN CALL PORT FOR LOADING COAL_pdf.exe
- Size
  
  527KB
- MD5
  
  aa683fc072f3ae7d3746555ad0d2fa86
- SHA1
  
  6e3a1234cfc5658c9da297cba29d5869b7d48906
- SHA256
  
  5f26ec6a89a14aedcee85883d41d5ca81a2ba2a7c99ec464abaa5bd63b6cbe1b
- SHA512
  
  ca3733205d1606e6d981f89a6b312bfedc00e2195e947729108d0c0d32b75b6d9a7794e7a29663baee12d7a5e64c13ee588edf70274a9697081cbc6e7292b0dd
Score

6^/10

persistence
- Adds Run entry to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2