639bf7ee39d021e52f513f8f18a28403a6022dbd7f0a63dd5fb7a097ece5a6f5 | Triage

Sharing

General

Target

DHL Notification_pdf.exe
Size

381KB
Sample

230424-hs782aac95
MD5

a9f7999b4e36f74de3c8309745eb7456
SHA1

6b6d4bedf95a1795a2be331d8912cdded013100a
SHA256

639bf7ee39d021e52f513f8f18a28403a6022dbd7f0a63dd5fb7a097ece5a6f5
SHA512

7c72940eb27e60a0f2c11ee8d95efd361985d7eb6fe770c8cb07911b70cf3eca1c2a88c06a04812b7142544911a2a726d2b5bd7a3be9edfec26f66d5a719c17d
SSDEEP

6144:8Ya6w8IPXKtO8tPGFlTcyLpsFecHG4mBJ5w2cR9XyJt9p5Xo7:8Yi8Q6wDFlTcyaF5GDBJC2cRRat9p5X6

Score

7^/10

Malware Config

Targets

- Target
  
  DHL Notification_pdf.exe
- Size
  
  381KB
- MD5
  
  a9f7999b4e36f74de3c8309745eb7456
- SHA1
  
  6b6d4bedf95a1795a2be331d8912cdded013100a
- SHA256
  
  639bf7ee39d021e52f513f8f18a28403a6022dbd7f0a63dd5fb7a097ece5a6f5
- SHA512
  
  7c72940eb27e60a0f2c11ee8d95efd361985d7eb6fe770c8cb07911b70cf3eca1c2a88c06a04812b7142544911a2a726d2b5bd7a3be9edfec26f66d5a719c17d
- SSDEEP
  
  6144:8Ya6w8IPXKtO8tPGFlTcyLpsFecHG4mBJ5w2cR9XyJt9p5Xo7:8Yi8Q6wDFlTcyaF5GDBJC2cRRat9p5X6
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2