General
Target: Comprovante de pagamento.ppam
Size: 15KB
Sample: 211210-e9d5qsggcq
MD5: c151913c81c45053d186f4b91e85680f
SHA1: e01616f9f7855c09ed2b68a2d18496c566349060
SHA256: 8089f15903c4925dc06bf871d1375fddb447e96e227e07b89e86f997b96c7db1
SHA512: 349a5a1d39284584959e18315088274a4f93acf2a0432478d8bc9489892985fe8a780e723d285e87525beb7b54d9c485fb5e4d42ac63413fdda3882fae4ad77c
Static task: static1
Behavioral task: behavioral1
Sample: Comprovante de pagamento.ppam
Resource: win7-en-20211208
Malware Config
Targets
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
-
Blocklisted process makes network request
-
Drops startup file
-
Suspicious use of SetThreadContext
-