General
Target: d5195a7ce341d11122bbef7524c76c314271f15ed0e19949af881334dd7e3cb2
Size: 654KB
Sample: 221126-hknvesab43
MD5: 09a8cf6496b2de7a01b8af02dab8ff7f
SHA1: 96de0e456c26ea3006be218538043f344dc58ce0
SHA256: d5195a7ce341d11122bbef7524c76c314271f15ed0e19949af881334dd7e3cb2
SHA512: 8b3e2896c068f45d50bb826131ae328a5eb3fceb7bfd5b13e7db903bfc28507444b163faabd51648242acfaddd575fa9f53c91daa953fa9d15681cdfe4005f6a
SSDEEP: 12288:6QM7EQqQih4qtLuJTFh/ohi7B5Qe4lxqDGxWFYgf+oHQeMJqRD8FSbVG:6QMAYiyAWTFh/oAvQe2WGxWFMoHQeMJd
Static task: static1
Behavioral task: behavioral1
Sample: gls-italy-report-generato-sistema-automatico-spedizione-verified-verifica-stato.pdf.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: gls-italy-report-generato-sistema-automatico-spedizione-verified-verifica-stato.pdf.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted
C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\Decrypt All Files gmzvmsb.txt
http://pf5dahldauhrjxfd.onion.cab
http://pf5dahldauhrjxfd.tor2web.org
http://pf5dahldauhrjxfd.onion/
Targets
Target: gls-italy-report-generato-sistema-automatico-spedizione-verified-verifica-stato.pdf.exe
Size: 683KB
MD5: 06ea9899946dd36a8a7d71aacd22c19b
SHA1: 78a46f010cea448fcb0a304be18ea31668b906b1
SHA256: 114fd64e54c0a3a63327e443bb61e7f8ef3096de681177c834e38125092f5b6b
SHA512: 80b2ed3674346e9d469796e68b26597d02eea9f104e4f02e7e9a6e55246644c51a6fda36fb21881e70577a2dd41759c1c5e475933b55a5d2e48a721992bb3f22
SSDEEP: 12288:+ATRdiC4HE2Q7gC+lYx0E5pZpER9+93Qy2nd9AMPkztyG4RSBExMhGCb5:rT7gk2zh3opZx4PkzIGHEGz5
Score: 10/10
Executes dropped EXE
Suspicious use of SetThreadContext