General
-
Target
ac3ddf66ba83902207959d6aadb8b869b532ad55b15b23592531afa76d551ea4
-
Size
2.6MB
-
Sample
220521-cs2hlahecj
-
MD5
69819ee75ee0a9a9f1b5fddd1b787017
-
SHA1
2ec85d985daaa142af30cf36d051b32e1aa2ac8d
-
SHA256
ac3ddf66ba83902207959d6aadb8b869b532ad55b15b23592531afa76d551ea4
-
SHA512
e9fb1086200c839070ba2c6403051c285cb8c725ab83e084b5a54e7f197bd5e2cc46055e5304a6908fd71fd7601458f42d5f6f7a14a91d5fcb3c9057a649f167
Static task
static1
Behavioral task
behavioral1
Sample
Company Presentation~pdf.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Company Presentation~pdf.exe
Resource
win10v2004-20220414-en
Behavioral task
behavioral3
Sample
Infrared Thermometer~pdf.exe
Resource
win7-20220414-en
Behavioral task
behavioral4
Sample
Infrared Thermometer~pdf.exe
Resource
win10v2004-20220414-en
Behavioral task
behavioral5
Sample
Mask samples & qty needed~pdf.exe
Resource
win7-20220414-en
Behavioral task
behavioral6
Sample
Mask samples & qty needed~pdf.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
Protocol: smtp- Host:
mapi.diplemailsrvr.com - Port:
587 - Username:
[email protected] - Password:
Banachi@1974
Targets
-
-
Target
Company Presentation~pdf.exe
-
Size
1.2MB
-
MD5
cbc2a4c4b531711337eb807fbd082adc
-
SHA1
f9114fe1e6ebe680831900fce56fde5ed2a748eb
-
SHA256
2ae247545c4291da9b83ad9ba0c6af00bd80c896a3fb9fafd028e09444bf3baf
-
SHA512
e5649d648c989049af1dd13c12f397483935d019e93e655801f51f642f7db8bd536c945b4ef92a1f46ff73e8e8952ddb397857c935408e52862543c0a58a92e2
Score10/10-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-
-
-
Target
Infrared Thermometer~pdf.exe
-
Size
1.2MB
-
MD5
cbc2a4c4b531711337eb807fbd082adc
-
SHA1
f9114fe1e6ebe680831900fce56fde5ed2a748eb
-
SHA256
2ae247545c4291da9b83ad9ba0c6af00bd80c896a3fb9fafd028e09444bf3baf
-
SHA512
e5649d648c989049af1dd13c12f397483935d019e93e655801f51f642f7db8bd536c945b4ef92a1f46ff73e8e8952ddb397857c935408e52862543c0a58a92e2
Score10/10-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-
-
-
Target
Mask samples & qty needed~pdf.exe
-
Size
1.2MB
-
MD5
cbc2a4c4b531711337eb807fbd082adc
-
SHA1
f9114fe1e6ebe680831900fce56fde5ed2a748eb
-
SHA256
2ae247545c4291da9b83ad9ba0c6af00bd80c896a3fb9fafd028e09444bf3baf
-
SHA512
e5649d648c989049af1dd13c12f397483935d019e93e655801f51f642f7db8bd536c945b4ef92a1f46ff73e8e8952ddb397857c935408e52862543c0a58a92e2
Score10/10-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-