order 17052022.pdf_

General
Target

order 17052022.pdf_

Size

30KB

Sample

220517-x4dk5agcc3

Score

10/10

MD5

f7da10c601fc5c0c2caef9f4e06508ad

SHA1

b1f40f4752866c30fbd6654f4844d13ae2958946

SHA256

0bf9fd42a0dc842dfe8ad1d5fdaa3f74e5e2ff602887dcfdbc14466f51eef6e0

SHA512

999c1cf265bd24b51a75bbe6651b2c5b7637b8df6e89a5740e31b6d9e9a74bff19c5ddd8fb445d42cfbe01f26c92db0afa273480f85895a83530ed68a9a392c3

Malware Config

Extracted

Language ps1
Deobfuscated
URLs
ps1.dropper

https://www.mediafire.com/file/ivgr6qe4jfzd1w9/14.dll/file

Targets
Target

order 17052022.pdf_

Signatures

  • Blocklisted process makes network request

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    TTPs

    Registry Run Keys / Startup Folder
    Modify Registry

MITRE ATT&CK Matrix

Collection, Command and Control, Credential Access, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation

Tasks

static1: 3/10
behavioral1: 10/10
behavioral2: 10/10