General
-
Target
Purchase Order_3_812937_pdf.ppam
-
Size
42KB
-
Sample
221003-kd568sfbc8
-
MD5
38fdfc043596f30da30ffd84a5e8bc3f
-
SHA1
a0e0c82a7614a2528b84b2d42153f4b52cbe2302
-
SHA256
14b25b8d5c181fc6aeb59ad3c7170575201070a52c5428ca6c6a57fca295595c
-
SHA512
139166ad594fcab5ad8be8526eb3d006d0c4a5480e924a86ceb291f2cedfbb3ee962966632fc6d8a23bafb939077158313c0300fb47d2e5b7f200f20518f27b1
-
SSDEEP
768:JJ/c/lsTsK/n/Okf6R9/i/LIlfKEe89Vva6PdYI4+zMZvJA0FHwZH+T6gXJ1gxPZ:Pkt09fmj7ajsurtPgxP6ZD1/K8Nytsdk
Static task
static1
Behavioral task
behavioral1
Sample
Purchase Order_3_812937_pdf.ppam
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
Purchase Order_3_812937_pdf.ppam
Resource
win10v2004-20220812-en
Malware Config
Extracted
Protocol: ftp- Host:
107.182.129.168 - Port:
21 - Username:
ashgdhfg3 - Password:
jfghfjgh545
Targets
-
-
Target
Purchase Order_3_812937_pdf.ppam
-
Size
42KB
-
MD5
38fdfc043596f30da30ffd84a5e8bc3f
-
SHA1
a0e0c82a7614a2528b84b2d42153f4b52cbe2302
-
SHA256
14b25b8d5c181fc6aeb59ad3c7170575201070a52c5428ca6c6a57fca295595c
-
SHA512
139166ad594fcab5ad8be8526eb3d006d0c4a5480e924a86ceb291f2cedfbb3ee962966632fc6d8a23bafb939077158313c0300fb47d2e5b7f200f20518f27b1
-
SSDEEP
768:JJ/c/lsTsK/n/Okf6R9/i/LIlfKEe89Vva6PdYI4+zMZvJA0FHwZH+T6gXJ1gxPZ:Pkt09fmj7ajsurtPgxP6ZD1/K8Nytsdk
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in Drivers directory
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-