General
-
Target
NEW PURCHASE ORDER SAMPLES & CATALOGS.pdf
-
Size
63KB
-
Sample
220924-rjpj1abda3
-
MD5
b7dd4fcd5758f3de9c18f6088384e6d2
-
SHA1
62ba915ed6871a397a35f9c768fac5e7c0578f20
-
SHA256
404b4dc973010fb5414e8c1de1ebc7ca26dad76e3ef8b39f86fdfb358983d5bf
-
SHA512
4f333d6090ca505902dd676a7a689829e768b19af28e780bd915f4fe399b2ca59154eb487041489c21f635f9a5788406b03a1fa5ef1eea23f0497d128b405536
-
SSDEEP
768:4/EZcsdZcsjZcs0ZcsiAAAf/Lu7RP3mbJBnv9Fn6HIGrDtRhikIbb814ckFN7sD:qEXV28AAAf/aBmbfPuJrMkIM1KsD
Behavioral task
behavioral1
Sample
NEW PURCHASE ORDER SAMPLES & CATALOGS.pdf
Resource
win10v2004-20220812-en
Malware Config
Extracted
https://www.bndsafety.xyz/p/4.html
Extracted
Protocol: ftp- Host:
107.182.129.168 - Port:
21 - Username:
ncbcnv4 - Password:
djfhdffdf
Targets
-
-
Target
NEW PURCHASE ORDER SAMPLES & CATALOGS.pdf
-
Size
63KB
-
MD5
b7dd4fcd5758f3de9c18f6088384e6d2
-
SHA1
62ba915ed6871a397a35f9c768fac5e7c0578f20
-
SHA256
404b4dc973010fb5414e8c1de1ebc7ca26dad76e3ef8b39f86fdfb358983d5bf
-
SHA512
4f333d6090ca505902dd676a7a689829e768b19af28e780bd915f4fe399b2ca59154eb487041489c21f635f9a5788406b03a1fa5ef1eea23f0497d128b405536
-
SSDEEP
768:4/EZcsdZcsjZcs0ZcsiAAAf/Lu7RP3mbJBnv9Fn6HIGrDtRhikIbb814ckFN7sD:qEXV28AAAf/aBmbfPuJrMkIM1KsD
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in Drivers directory
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-