7ab20ca0107f85b5ec838b76474e2c49f1295041f637f6c7130b745acecebf8a

Sharing

Copy URL

Twitter E-mail

General

Target

(03) PDF ReDirect v2.5.2.exe
Size

7.1MB
Sample

240314-d9pe2abh97
MD5

d84bd466a4de9fbedaabaf9a366cf4e6
SHA1

57f93f838a7204f0fe455bace047aef250e6716d
SHA256

7ab20ca0107f85b5ec838b76474e2c49f1295041f637f6c7130b745acecebf8a
SHA512

465b71d33efe8879737e2cf772c2c52e1f428ff8f14127330764b11a195e03f561b07dd48d7ad91b073afdb28f74281cd9827eacdfa5af13028e14f952b707fd
SSDEEP

196608:WiT7e3WYVlue372YxgQugzoOBvAHG4mMA7mp/i/MWm8:1YVlNKYxugznBvAmIkmp/q7

Score

7^/10

Malware Config

Targets

- Target
  
  (03) PDF ReDirect v2.5.2.exe
- Size
  
  7.1MB
- MD5
  
  d84bd466a4de9fbedaabaf9a366cf4e6
- SHA1
  
  57f93f838a7204f0fe455bace047aef250e6716d
- SHA256
  
  7ab20ca0107f85b5ec838b76474e2c49f1295041f637f6c7130b745acecebf8a
- SHA512
  
  465b71d33efe8879737e2cf772c2c52e1f428ff8f14127330764b11a195e03f561b07dd48d7ad91b073afdb28f74281cd9827eacdfa5af13028e14f952b707fd
- SSDEEP
  
  196608:WiT7e3WYVlue372YxgQugzoOBvAHG4mMA7mp/i/MWm8:1YVlNKYxugznBvAmIkmp/q7
Score

7^/10
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  PDFR_Printer_Cmds_v25000.exe
- Size
  
  75KB
- MD5
  
  c0ce60a08b267f102b8cabb882f3ea0e
- SHA1
  
  fa819a99e432c9b6f8cdbf63dfbd5ab36f5ba3a0
- SHA256
  
  d9a174775710b606c25d160d1f859e9f7f9a67fecc3612627bf7cd1a3039434f
- SHA512
  
  23b0d8b64be9b938ff0e3b16b6256269dc66b3a8d1a4ba6c05a090fc8b8004b227fb3c3da23de66f354745aae301ff00d5d4980e09be180567f6baee695aa62d
- SSDEEP
  
  1536:bKfjvC6V9VN1fKXMiboLtQzAPwMw7xKhlmM:uLvCnNoLtQz6jw7xKeM
Score

1^/10
behavioral3 behavioral4
- Target
  
  PDF_reDirect.exe
- Size
  
  1.5MB
- MD5
  
  b2196e1528e8943036a29503e953b318
- SHA1
  
  97ff898e279dda9826f2f315c3b7de5cf2210b6f
- SHA256
  
  57d0ec3614255db2a79f49142d057ee1b5f67a5144b8698b00ecfbe2dd91a121
- SHA512
  
  5dbc69d55d5b74354928c19441d37a1b3e41df4b9c984ccad8bc9e39b49bcf6954d1b3cac2358dc6757fb4fcf0a39fff09da7106f0403bc5f0ccc36eae6f8ed7
- SSDEEP
  
  49152:559iWuYRzSOmYHSu8rTug7XQzgcsZMxAd:5mZYj8rTug7XQzgcsZMxAd
Score

1^/10
behavioral5 behavioral6
- Target
  
  Stamps/APPROVED.pdf
- Size
  
  6KB
- MD5
  
  e80189805217c2895e6485c43dca469f
- SHA1
  
  ef1728dd6c33be4dbc513d121aa6da354266c5d7
- SHA256
  
  7025adb480253228d921d8375eb5c8c748904a6229783c2283964db2b71dae77
- SHA512
  
  95f5391d6eac025efc44d5c1719fdedaabf93d32f72f40a25c9df97d2343cdbb87a642ad2e6f499ad5e4ebea037e6cca9ec929352ce5de464c0afeae230a7734
- SSDEEP
  
  96:lBxFTRl1SB3Pba/PAOPpm3haBW/84py/N6XVXVUiF2fJusS3TTU7Hfes:bbTRWPOXBPAz8wy/N6llxF3sskzp
Score

1^/10
behavioral7 behavioral8
- Target
  
  Stamps/COMPLETED.pdf
- Size
  
  6KB
- MD5
  
  db98d0bfd15b91a4909e3c27e407702f
- SHA1
  
  092b11fb71bb4d47d8e16c634d360f3315bf81ea
- SHA256
  
  b6ab48f976660a15d5d13035cc8f7a73893151272d4f909fbad5f24355d6c088
- SHA512
  
  1aac8e88f79c2db9575e287597c0e97be48282e1db55dee245b7c1f77bc29a76fc729da4519f6e3349d60f937a5a3e7e342f3669039f254aa5a140ae10902f0e
- SSDEEP
  
  192:xJuuPp5YXEQquWHR8wy/dqR6uDHQlhnwib:xJuuPp5YXEQo7y/S62QlTb
Score

1^/10
behavioral10 behavioral9
- Target
  
  Stamps/CONFIDENTIAL.pdf
- Size
  
  6KB
- MD5
  
  3715ac43f4db3c4ffdead812334218a4
- SHA1
  
  e1818bfa30fc53211bb17a72dea6f29b2959f1d8
- SHA256
  
  8eb01a010b01d55d59f906b9fa63e9e8e8c1cb73ed36cbb2800983e7b72f8ec3
- SHA512
  
  dc997e97ebadc152b6f2c5743db51d79e82ad9c002ff23f0e8790924a174a1f9fcd110dde5692dbe113926aadbd6b87c4ff4b784d2df6ff9ba64161510623293
- SSDEEP
  
  96:ldAjFj4TzkqS2lFoc74TZyW/84pW/flY25Vzb4M5fFm2z77/qLHJG:7A2XY4oc0T/8wW/fKKf4MGgh
Score

1^/10
behavioral11 behavioral12
- Target
  
  Stamps/DRAFT BLUE.pdf
- Size
  
  6KB
- MD5
  
  5274ca204d925cd2a1f78abac58ff43c
- SHA1
  
  e7b9638ce623842e6090bd8589cc44408f939838
- SHA256
  
  5d67a31f4328b41007874bed83ed803be36b95450f1e51895a09e0c32238b5da
- SHA512
  
  d1d6dc0ada402af0300ff0e643dc20778977da8b39c4c079e8091186b08ee126ade4b4bd1e9cf245e8cbdf64d780cf7728f56d716f892b7cf6b2ba5fcd5cb29f
- SSDEEP
  
  96:lPYeyQJqxtWz4GvjEkLo8JAUHvXD7k6mlJqasOZif4W/84py/hv0xrGk4ifcMR1i:ZqQJ1rNLo8JAUHvXPaaT8wy/mH46fi
Score

1^/10
behavioral13 behavioral14
- Target
  
  Stamps/DRAFT_ULH.pdf
- Size
  
  4KB
- MD5
  
  1d331f09bd371361faa5243a2d71fd69
- SHA1
  
  c92153db25f09e75191584d86342841f1d322e26
- SHA256
  
  77ad58b566f0e2a5422523986da11b915abbcbf9d39d9c99908a8e7890552e7d
- SHA512
  
  178d6d33062e45d1fcb05c034288c1c9a6666783037b2d7cfac7293905cfd7baa0bbe457278afff55f19b113a06454a86772814ff1e105111fd09e622a55305d
- SSDEEP
  
  96:lGpUdBQ3o+B42kelmCT3W3xh411PI3utAnnvCml0NvWHQuDRIDfNoON9aD7Cp:MKaY+/mDxhi14u+nqls7so6avC
Score

1^/10
behavioral15 behavioral16
- Target
  
  Stamps/E-Mail.pdf
- Size
  
  6KB
- MD5
  
  bc457ce4ac84f70ed7eeadb0fa2d0481
- SHA1
  
  d2af8caaabcd1037813499681bedca5ef336d982
- SHA256
  
  8f604f3468966c390b360c7ed2a870f078e560713bd2d6ad56207348e53490d1
- SHA512
  
  762a34066297f42e7da67646fbfcb5ae970bcc33335dd88ec9ab0787a20c5b914ed3ab590c3efc826fddaaef9f301572390fc0f5d34cd9afa47721a555691b23
- SSDEEP
  
  192:WHRB2PD6LiFXjp1MdCVofgNMasc1WrxoKTJrv8X:WUrFT/Po4NvsXOKTZv8X
Score

1^/10
behavioral17 behavioral18
- Target
  
  Stamps/EXP Business Card.pdf
- Size
  
  23KB
- MD5
  
  d5b51823d83ed6363df33b152cc2453b
- SHA1
  
  3864ff4d2b44b4022f05229cb37cdfef871c7436
- SHA256
  
  820ff2f0a426f7bfa6825c787e4e2ad559d155b3f811bf9b2a47a1c8b5bc193c
- SHA512
  
  75bd7366c11b29222ad6027a031d72cb4e0e18b103a72f1fec4a67d728b82463cfd3facb5bd0e7a69a14ee2032aa2f0c0596602cfe621db3a16914b11378c509
- SSDEEP
  
  384:+mOmJxt/YbqYX9mm7JjQQk1y1/B1FrgHt+DXY9A87f5iyK79vPb:5OwY10mlQQkE7LrgN+DXY9A8zgP9vPb
Score

1^/10
behavioral19 behavioral20
- Target
  
  Stamps/FINAL.pdf
- Size
  
  5KB
- MD5
  
  503476fc9edd8f8b848cd0313ca07d2d
- SHA1
  
  ae8ac8c906718938ec9ffe5e07a1f89a4eaedd8d
- SHA256
  
  dcd093fcc6d55469bb02da655e1388c0568eb8ac91aaa3404084107c9a577ee6
- SHA512
  
  f7f469d7d040fdd9671a20dcbfe49da0ceccd2bd75c48b1716a9f7d86f6a9a443750a7136e5be966cfb12675e2ec74aa9be16d8752dccf138113c02a9321f90d
- SSDEEP
  
  96:lZv5ZGHkaiUiJTvcqyXdBFxVqFX0z+SMBuSealW/84py/I5vipxfPcMfjYXxBTUf:rBZ0ksiJTEXdHxVq1Kwgl8wy/I6FcJBM
Score

1^/10
behavioral21 behavioral22
- Target
  
  Stamps/FOR COMMENT.pdf
- Size
  
  6KB
- MD5
  
  89712f7da49fa4d8136f62d5a4425296
- SHA1
  
  3224c7c93c5f915298350d13a0fe647e77cbecf0
- SHA256
  
  1d9b676d93ec5f509891e14f83ebd7de9f629c151e454a608a87e82d3af842db
- SHA512
  
  0db6dfd28e414c96a8427869418e4fa1a5559e136b7b3dfde2ffcf3379829cf7400e71ff425c841bec8b400fb12b9e735c9b45ff460c31fc25fa284284c16326
- SSDEEP
  
  192:lkUoVT2R9+39TeDiU038wW/1238iwJEP0u:GUYT2R+9TeDiPdW/7JEp
Score

1^/10
behavioral23 behavioral24
- Target
  
  Stamps/FOR PUBLIC RELEASE.pdf
- Size
  
  6KB
- MD5
  
  01725f8548e35ef8d7f5b6702e9bc7b9
- SHA1
  
  beca1ee02f43d01c97d00156f4b26a748cfef24a
- SHA256
  
  9d9ac71b16274f63505dc3697a366c7d825f7dcc52cac59252ad173b5db64693
- SHA512
  
  d30f7afc9e329f05c41e9c8854eb0214fa97aa6f76c59e5c96cafdc40ecbe634f225fac6b580f62d0bad998b63188064e4e12aa6f2697810b483f23efd6696cf
- SSDEEP
  
  192:zTj/EYTHa06DvYZz/z18wy/cgmChu7vjGiVJ:zfVzlLy/CMijGq
Score

1^/10
behavioral25 behavioral26
- Target
  
  Stamps/INFORMATION_ONLY.pdf
- Size
  
  5KB
- MD5
  
  d45908dcf6aa4194fa08583c173579d8
- SHA1
  
  43b2397be6dae66c4b89aaae0d23b2ce77450490
- SHA256
  
  f5e99b2122fb80ee498ce4b370846a61f191536058a3e24a81c20907dc9c6132
- SHA512
  
  7ef0ed8e639dcb378b05fa10c12aaee146aa22fe8926d6313489e245114302680d16550d905da6f37bcb1185cd4fece70b2117c199876932a20e71bf46303fd1
- SSDEEP
  
  96:l8U3NmbDRskRxTmBJyQcYNYaoD/c77I9/KW/84py/bfYoQrHI4Z36suxseN+emfB:73NknR0EQcIoxL8wy/bg44ByZoeU1uM
Score

1^/10
behavioral27 behavioral28
- Target
  
  Stamps/NOT APPROVED.pdf
- Size
  
  6KB
- MD5
  
  d200cd4b96dd0c73525cbf7d7c953eb4
- SHA1
  
  1a4a350ff5c23a8175214ed0db4eb05a7dadb929
- SHA256
  
  15c80dbb1d8d99fe7bde382804492169d027b7e70d6ddfda817a7f1b3768ca80
- SHA512
  
  80cfc433a2d9634b4a88738773ea3003b4d2f1a838dbe7459a22c6102af003c29d498ca79e9596f6dd502ab68d0d0135194c3a6212ae40d4de35855a40544e49
- SSDEEP
  
  96:l1SWqLlXAZ/MmV/LY711FXPPHW/84py/OuqY9uv6TzDouac/feZXpETYcXDHIt:XqLlQZg5k8wy/jrouacM5Jc0t
Score

1^/10
behavioral29 behavioral30
- Target
  
  Stamps/NOT FOR PUBLIC RELEASE.pdf
- Size
  
  6KB
- MD5
  
  133b0602f75db9c17f9eb1ce9af32ca3
- SHA1
  
  ae49e3382f0972e049df9834f8caa897bcf8f87e
- SHA256
  
  56368459e3fe15a6f1dedeec7a782ba113e5f7a446add4e3f2899838f2fd9f1d
- SHA512
  
  c50ed5983027029892e612e785a05345829d8207559837792edb8dcbef77123a5adaf1385f09c2dc56fc4028da95c7c94935c66ec049b137186250057c6862ca
- SSDEEP
  
  96:l/1ib8DgubpMHMZ9oa3s1J9rbobVToW/84pW/IFAQuY1ec5i866KZf/fYY2zDAQT:mbGpIMZFsFrbobR8wW/HkpigKdg0+
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32