General
Target
19042024_1619_18042024_dhl_doc_awb_shipping_invoice_18_04_2024_000000000000024.7z
Size
22KB
Sample
240419-j76t7adf2s
MD5
6208bd00d2a8f3c90a8849fb0659af91
SHA1
8dd4e3d91d75f5ffecb290732eb8503c8cd58450
SHA256
b312e71220b5c1a59397380829978ee5e10404d28c9573f576459fdae6103507
SHA512
395ada860a7cf77d880786b2b0f80e486e6054a506d4a7dd272d04ace1ea19b6cb836869358db1ef0db2abc266d568833897044fb615a6358cab10af0594507f
SSDEEP
384:c/eyw/5ZveA/cwCnNMOG3yQEU6l6t9MbuEefxxgo+S0j4E0PrQin:x5ZvD/RCnyYBl6rMb5efxx5kjD0zQin
Static task
static1
Behavioral task
behavioral1
Sample
dhl_doc_awb_shipping_invoice_18_04_2024_000000000000024.vbs
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
dhl_doc_awb_shipping_invoice_18_04_2024_000000000000024.vbs
Resource
win10v2004-20240412-en
Malware Config
Targets
Target
dhl_doc_awb_shipping_invoice_18_04_2024_000000000000024.vbs
Size
42KB
MD5
5734e6a07be159df58b947596cad09dd
SHA1
ee9358bab004d5c4e986172bbd0e1af6c85f6663
SHA256
7f5ffd39a86f314a261131081bc9557a9f755222ac164bef9a2ee32a6c7b6cd3
SHA512
bc420981fe9dbccc9ff71526794c186bbbcd13043bde99710db41f87eddd40ddb35b8c7606afff3634dea3ac1f0ae53b5e6667f44e0e5c64c88c752f4b1ab3ab
SSDEEP
768:la5Mt7HMMhtM029ceFAyg0od10q1ZsaaNWVr96XtlyE:lLtFh1DeFAH0ofxKkWtl3
Score 10/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext