Overview

overview

9

Static

static

Saldo.Pdf_...__.exe

windows7-x64

9

Saldo.Pdf_...__.exe

windows10-2004-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cd64b9501e4cd8b96223aecc9900393099c5c06c2a0ae959b5483ebef5c779e1

  • Size

    284KB

  • Sample

    221123-tb3srsgf8x

  • MD5

    a78423e9f6dd118ba745f5923de41cd5

  • SHA1

    e7ce99ba2a1fec0920d309ad3644359b0706e9af

  • SHA256

    cd64b9501e4cd8b96223aecc9900393099c5c06c2a0ae959b5483ebef5c779e1

  • SHA512

    e516559c097eee237b47c54e680caef3011b8da9fbd9329db929df84a8c3a1b22d07211f4966a33b56bc0568b33cb84865a53b323f310d264756287f7dc245df

  • SSDEEP

    6144:SnCxOG7rVxWYa3pMSsym1XBL59NS2HiPZ:SnnG1xWBn+xS2oZ

Score
9/10
collectionevasionpersistenceransomwaretrojan

Malware Config

Targets

    • Target

      Saldo.Pdf______________________________________________________________.exe

    • Size

      446KB

    • MD5

      2cca32c4cf7dc6d10a2462fa9b74ae40

    • SHA1

      74f0125e8e0526b0e465d16668884006a4ee774a

    • SHA256

      cda22aa74b025e459bd6404d702331e55bffba5929d7b2bd9f1285330d37ff2a

    • SHA512

      9b07fff4eb1a6b7dcbb86815bd2aa098748c631b36baf4ab437b9f3b643e8bfb8b2b87884dc548da719739022f57413fcbdb1f2b1409abc3bf0c5827b186af1f

    • SSDEEP

      6144:veoxeLzWoeEqagVXy5LhT57AZT//s7m6Cu8haJ1y6ded:3xeHWohxht7y3sqxTg1yNd

    Score
    9/10
    collectionevasionpersistenceransomwaretrojan

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • Accesses Microsoft Outlook accounts

      collection

    • Accesses Microsoft Outlook profiles

      collection

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

File Deletion

2
T1107

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Email Collection

2
T1114

Exfiltration

Command and Control

Impact

Inhibit System Recovery

2
T1490

Tasks