General
Target: 19a174d9b6bf71c97169f88c467fe07bf16f307687c30ca17c55f10fdd6c5f7b
Size: 1.7MB
Sample: 220521-bxxjrsffhr
MD5: acdae61387e23401950405716ee65620
SHA1: ec981d49ec36adfce675baa9ae6315829cccf92d
SHA256: 19a174d9b6bf71c97169f88c467fe07bf16f307687c30ca17c55f10fdd6c5f7b
SHA512: 1dee358cbdbde1e4cdfa1d23f355e8310a214f46b38b1be90c2c28df9a93f1a30e4841c46635528673be1d2c9ce664217adef81b98f70240f5cdd446665cc5fa

Static task: static1
Behavioral task: behavioral1, Sample: Company presentation~pdf.exe, Resource: win7-20220414-en
Behavioral task: behavioral2, Sample: Company presentation~pdf.exe, Resource: win10v2004-20220414-en
Behavioral task: behavioral3, Sample: Composition & Quantity~pdf.exe, Resource: win7-20220414-en
Behavioral task: behavioral4, Sample: Composition & Quantity~pdf.exe, Resource: win10v2004-20220414-en
Behavioral task: behavioral5, Sample: Inquiry Items~pdf.exe, Resource: win7-20220414-en
Behavioral task: behavioral6, Sample: Inquiry Items~pdf.exe, Resource: win10v2004-20220414-en

Malware Config
Extracted
Protocol: smtp
Host: mapi.diplemailsrvr.com
Port: 587
Username: [email protected]
Password: Banachi@1974

Targets

Target: Company presentation~pdf.exe
Size: 859KB
MD5: befba058f69c91a13b001f3d15efa262
SHA1: aeebe9b13b160bcb77bca46e5acefbdf214f9e5f
SHA256: e469882fa707c3f2f85c8bdd5fe250434f3fa5169ee71f8132dce99296b99629
SHA512: 13a8df597d4ddf3762731e1c9226845e33ef15595c1e9d6152edf1abfabf5a9695f911a9475f900f1862ba50009c208be613679f9ed51e4a1e698f8eab0e779a
Score: 10/10
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext

Target: Composition & Quantity~pdf.exe
Size: 859KB
MD5: befba058f69c91a13b001f3d15efa262
SHA1: aeebe9b13b160bcb77bca46e5acefbdf214f9e5f
SHA256: e469882fa707c3f2f85c8bdd5fe250434f3fa5169ee71f8132dce99296b99629
SHA512: 13a8df597d4ddf3762731e1c9226845e33ef15595c1e9d6152edf1abfabf5a9695f911a9475f900f1862ba50009c208be613679f9ed51e4a1e698f8eab0e779a
Score: 10/10
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext

Target: Inquiry Items~pdf.exe
Size: 859KB
MD5: befba058f69c91a13b001f3d15efa262
SHA1: aeebe9b13b160bcb77bca46e5acefbdf214f9e5f
SHA256: e469882fa707c3f2f85c8bdd5fe250434f3fa5169ee71f8132dce99296b99629
SHA512: 13a8df597d4ddf3762731e1c9226845e33ef15595c1e9d6152edf1abfabf5a9695f911a9475f900f1862ba50009c208be613679f9ed51e4a1e698f8eab0e779a
Score: 8/10
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext