General
-
Target
NEW PURCHASE ORDER SAMPLES CATALOGS.pdf.zip
-
Size
34KB
-
Sample
220923-a96grsgfap
-
MD5
50c24570103908476e38d7ef662ba9ab
-
SHA1
15f905abb7112a148a93c56b94d30328d03fc72a
-
SHA256
72b11627c5e2d104563eb6873c00cd3bb1be8ab3b81aefa59cdb1f8bc37f66f1
-
SHA512
8b3e892543b36f4df946b8f647eb904eb2545de5116561b368313fe1ff8ea9e40aeae670c91fe4c134582023a4acdaaf76d923a1040b6dc4d52886514f6833a8
-
SSDEEP
768:oxaXPf8MUFKCyMq+Ehsi2YC5QTKpOYi/GDXLLazxkdi1kfymEwcs:oxa/QKCy+EFC+TKB2GDXLmKdf9H1
Behavioral task
behavioral1
Sample
NEW PURCHASE ORDER SAMPLES CATALOGS.pdf
Resource
win10v2004-20220812-en
Malware Config
Extracted
https://www.bndsafety.xyz/p/4.html
Extracted
Protocol: ftp- Host:
107.182.129.168 - Port:
21 - Username:
ncbcnv4 - Password:
djfhdffdf
Targets
-
-
Target
NEW PURCHASE ORDER SAMPLES CATALOGS.pdf
-
Size
63KB
-
MD5
b7dd4fcd5758f3de9c18f6088384e6d2
-
SHA1
62ba915ed6871a397a35f9c768fac5e7c0578f20
-
SHA256
404b4dc973010fb5414e8c1de1ebc7ca26dad76e3ef8b39f86fdfb358983d5bf
-
SHA512
4f333d6090ca505902dd676a7a689829e768b19af28e780bd915f4fe399b2ca59154eb487041489c21f635f9a5788406b03a1fa5ef1eea23f0497d128b405536
-
SSDEEP
768:4/EZcsdZcsjZcs0ZcsiAAAf/Lu7RP3mbJBnv9Fn6HIGrDtRhikIbb814ckFN7sD:qEXV28AAAf/aBmbfPuJrMkIM1KsD
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in Drivers directory
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-