Overview

overview

9

Static

static

Invoice.Pd...__.exe

windows7-x64

9

Invoice.Pd...__.exe

windows10-2004-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a432c68d6905cd6bf88058da199726980d29c114fade1b7e4131901fd3474620

  • Size

    291KB

  • Sample

    221124-qbxpzaeh23

  • MD5

    480ea18e5eb9c340b25400c3736ebb9c

  • SHA1

    1707a94c90990d63b0c73d4c5c62ccf43d77171a

  • SHA256

    a432c68d6905cd6bf88058da199726980d29c114fade1b7e4131901fd3474620

  • SHA512

    b460b7a8b6c8d0be61de0afd294dc41082fc30e17997116c60bbd95e57694cc70127497925088984f1174f8d71043550428371bdcd448a93df18db3588630811

  • SSDEEP

    6144:de8qRn5DaitOr8GpzIKr5dMfUgMRcNNye9tO2gOt4bQOB7AmLeC:de8qLDU8GpzIKr5dMye9t1tjO9ACeC

Score
9/10
collectionevasionpersistenceransomwaretrojan

Malware Config

Targets

    • Target

      Invoice.Pdf_____________________________________________________________.exe

    • Size

      465KB

    • MD5

      edf51b7c2507590d697e0899c0cadcb5

    • SHA1

      b59b8c306917ba92c48abba83992e09e9146336c

    • SHA256

      b3913d567ca228ac32cd35b5d6245393d2b2c1d1c40a60edc55ea7a521f96694

    • SHA512

      f584b7b81a0d2f154d3c7534c11cbbc8f4743f57eb69721eedd63ac840368fb0cfefffd02f1bc05639932187c1566c5da1f97c34938dbb5132aa97568e6adfac

    • SSDEEP

      6144:9AKLo20Yi4qqavLoz4cbcJZeCb8Zyf5RmJugB5ejkcWv:9Ls20YivgtQJZeK8ZI5RmsgB5eEv

    Score
    9/10
    collectionevasionpersistenceransomwaretrojan

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • Accesses Microsoft Outlook accounts

      collection

    • Accesses Microsoft Outlook profiles

      collection

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

File Deletion

2
T1107

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Email Collection

2
T1114

Exfiltration

Command and Control

Impact

Inhibit System Recovery

2
T1490

Tasks