General
-
Target
CTM_PDF.exe
-
Size
371KB
-
Sample
221004-gpqn5seggk
-
MD5
03edb7fbc5c53ee76032c98e0985a9f4
-
SHA1
fee61f7e498790554379ced66a6cee9fd0baa8ca
-
SHA256
5b5f288fda05e0c17f37d266636a188d0c01c27c3f4d138b5e9b59f157d7851d
-
SHA512
c7c2e251c29fd82302e1fb1d47c1ecf3faa3f02089f77f524411474f3839ee2dd71f64bed386883704ca0b67a43d5b2a8884117c38cab4a00b7c78fc89b61254
-
SSDEEP
6144:lTouKrWBEu3/Z2lpGDHU3ykJ1tC/kF9jl7NU90v0R1htmOYPrLK:lToPWBv/cpGrU3y8tGy9jA0v0aVPS
Static task
static1
Behavioral task
behavioral1
Sample
CTM_PDF.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
CTM_PDF.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
-
Target
CTM_PDF.exe
-
Size
371KB
-
MD5
03edb7fbc5c53ee76032c98e0985a9f4
-
SHA1
fee61f7e498790554379ced66a6cee9fd0baa8ca
-
SHA256
5b5f288fda05e0c17f37d266636a188d0c01c27c3f4d138b5e9b59f157d7851d
-
SHA512
c7c2e251c29fd82302e1fb1d47c1ecf3faa3f02089f77f524411474f3839ee2dd71f64bed386883704ca0b67a43d5b2a8884117c38cab4a00b7c78fc89b61254
-
SSDEEP
6144:lTouKrWBEu3/Z2lpGDHU3ykJ1tC/kF9jl7NU90v0R1htmOYPrLK:lToPWBv/cpGrU3y8tGy9jA0v0aVPS
Score10/10-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-