General
- Target: 08122023_0121_CooperativeProject_Details.pdf .exe
- Size: 470KB
- Sample: 231207-vw2a4seb25
- MD5: d6a6b2a90f67d6d1a59fdb7699ee18ee
- SHA1: b65b2889a588cade6afcb7addab3b1c8b9cb51f7
- SHA256: 7479eac971f4ab87c476ec9417b2c29b99a4e06c9c3a3af8cd650506a49168c8
- SHA512: 1a707a9ed976738fd79f5d9c9b1db90ddc5f6ec3b5cf227962d2bccaa98e2e373365f1399ec13a98f6a86ff21de9fb16460c6dde2bd2677be7401adeb2837090
- SSDEEP: 6144:i8nENsjJUZHOHT9q3Yc5qh6/LkF8puww:UNsjJUZHOHIYc56mLkF8R
Static task: static1
Behavioral task: behavioral1
- Sample: 08122023_0121_CooperativeProject_Details.pdf .exe
- Resource: win7-20231020-en
Malware Config
- Extracted: https://drive.google.com/uc?export=download&id=1ogbCiwBaVXPjDHhV0GcZx3l_HoU1dbid
Targets
- Target: 08122023_0121_CooperativeProject_Details.pdf .exe
- Size: 470KB
- MD5: d6a6b2a90f67d6d1a59fdb7699ee18ee
- SHA1: b65b2889a588cade6afcb7addab3b1c8b9cb51f7
- SHA256: 7479eac971f4ab87c476ec9417b2c29b99a4e06c9c3a3af8cd650506a49168c8
- SHA512: 1a707a9ed976738fd79f5d9c9b1db90ddc5f6ec3b5cf227962d2bccaa98e2e373365f1399ec13a98f6a86ff21de9fb16460c6dde2bd2677be7401adeb2837090
- SSDEEP: 6144:i8nENsjJUZHOHT9q3Yc5qh6/LkF8puww:UNsjJUZHOHIYc56mLkF8R
Signatures
- Blocklisted process makes network request
- Drops file in Drivers directory
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger