General
-
Target
invoice_4_812937_pdf.ppam
-
Size
40KB
-
Sample
220924-rv76gscgdj
-
MD5
fd8bb8ce0dfc0d9f8073812211673d99
-
SHA1
8e6d62db5005939bc45b0b4a6281e5f8d60ddb01
-
SHA256
0a78f630b03cdcafaf8a056986ad208651d72ea1365a75f1c53202292b48dfc1
-
SHA512
73a48176585c3e402278c6f3d341b06d2ff5fd584004c4763edc8ef989c0d547cbb445ccd90002c731b8602a7e7ab690aa29b96ebcc41b753612b4fab10aa7fa
-
SSDEEP
768:eARJ/c/lsTsK/n/Okf6R9/i/L2pdAVQuLPdYIhjtzCNKJAlFCgwZHyTZigXJ1OdK:eAXkt09fmj7ajvZqvzPY1/K8NytsdqCo
Static task
static1
Behavioral task
behavioral1
Sample
invoice_4_812937_pdf.ppam
Resource
win10v2004-20220812-en
Malware Config
Extracted
https://www.bndsafety.xyz/p/4.html
Extracted
Protocol: ftp- Host:
107.182.129.168 - Port:
21 - Username:
ncbcnv4 - Password:
djfhdffdf
Targets
-
-
Target
invoice_4_812937_pdf.ppam
-
Size
40KB
-
MD5
fd8bb8ce0dfc0d9f8073812211673d99
-
SHA1
8e6d62db5005939bc45b0b4a6281e5f8d60ddb01
-
SHA256
0a78f630b03cdcafaf8a056986ad208651d72ea1365a75f1c53202292b48dfc1
-
SHA512
73a48176585c3e402278c6f3d341b06d2ff5fd584004c4763edc8ef989c0d547cbb445ccd90002c731b8602a7e7ab690aa29b96ebcc41b753612b4fab10aa7fa
-
SSDEEP
768:eARJ/c/lsTsK/n/Okf6R9/i/L2pdAVQuLPdYIhjtzCNKJAlFCgwZHyTZigXJ1OdK:eAXkt09fmj7ajvZqvzPY1/K8NytsdqCo
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in Drivers directory
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-