General

  • Target: PURCHASE ORDER_pdf.exe
  • Size: 276KB
  • Sample: 230313-ja8mhshb28
  • MD5: 2c5e140fba34025bdb2fcc9c5d82765a
  • SHA1: 7a0b2e0bf6b8948c454326d925bb8d68e841d198
  • SHA256: 1a193a5c9a4cf2963018cad6b56e6b41b759ba1bff4331fbfcbb51eac0684a9b
  • SHA512: ebffe004508d6ddab38fcce72e9aa33f87ffa147d9d7230c535c039f9b5b493c3caccebbc43301d0cfe11015f7ec395667980676786bcd1d12e2d379ec399e14
  • SSDEEP: 6144:/Ya6b0bLUriaI/ifhQXIMEHIUPDXO1wyVTCZRlDzYL:/Yp0bLUraC4IMEFD+1w+TCZzDzYL

Score
7/10

Malware Config

Targets

    • Target: PURCHASE ORDER_pdf.exe

    Score
    7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks