General

Target: COMMERCIAL INVOICE_Final.pdf.arj
Size: 143KB
Sample: 240423-k319ksfa56
MD5: a86814b1919c25d0f2aa7290e548e2d7
SHA1: 2ced33ef22c968708ff5097d1971197889ef1cdd
SHA256: 647a7adb9e483de40c1621608116a8d50cb5a0622755f555d8d11ffdc4c609a2
SHA512: 6a2778f0ca82eac5382a838eda1fa924e5d2682ba174daea4bfdfb4b51c8de9be7705d618111d28f0f3b2e226b6de60a83795937da74fc1449da6f2664b68f6f
SSDEEP: 3072:fTAIPPujTvSBLwlZi9I/lhF8t72dp0E83oZG4+4zHKJHQuKQDFis:fT3PQvSB6Z4y872/0EWoZG4BbLuis
Static task: static1

Behavioral task: behavioral1
Sample: COMMERCIAL INVOICE_Finalpdf.vbs
Resource: win7-20240220-en

Behavioral task: behavioral2
Sample: COMMERCIAL INVOICE_Finalpdf.vbs
Resource: win10v2004-20240412-en
Malware Config

Targets

Target: COMMERCIAL INVOICE_Finalpdf.vbs
Size: 279KB
MD5: d51dd423c5f2103977df604208989252
SHA1: 4944a47a3a05658a7fec601bf526c7913832c587
SHA256: e5ec544c99937977cbd0e3df39fcf93f234ff1855ceb23a758a98ba1dfa0c002
SHA512: e91bc05bd874233aa264b244ae0ff0faa0fed6ca4161d2af89f8da4099b79c55b6837cf14416a5e1031faf80cf46b3a821803c432a5d7cc99798367509647709
SSDEEP: 6144:L6dAYDLBLW+8A1ytW3xrbjsSFuHeEC57kdmXl45zaoGGqAP3MQ9scOb987HIJFJW:WnS2ImtCo5inX
Score: 10/10

- Blocklisted process makes network request
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
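Each line in the list above is a behavioural signature fired from the sandbox's API trace: a registry write under a Run key (persistence), a read of the GeoID stored under Control Panel\International\Geo\Nation (geofence), NtSetInformationThread with ThreadHideFromDebugger (class 0x11) and NtCreateThreadEx with THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER (0x4) to keep threads invisible to a debugger, and a cross-process SetThreadContext, which is how a hollowed or injected process is redirected to attacker code. The Python below is an added example of how such signatures are matched, written for this page rather than taken from the sandbox; the trace it runs on is constructed to trigger each behaviour and is not the trace behind this report, the process names in it (wscript.exe, stage2.exe) and the blocklisted-process and network-API lists are assumptions, and the "legitimate hosting services" signature is not reproduced because the report does not say which hosts it keys on.

```python
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Any, Dict, List

# Well-known constants from the Windows native API.
THREAD_HIDE_FROM_DEBUGGER = 0x11              # ThreadInformationClass for NtSetInformationThread
THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER = 0x4  # CreateFlags bit for NtCreateThreadEx

# Registry fragments (lower-cased) that the two registry signatures key on.
RUN_KEY_FRAGMENT = r"\currentversion\run"          # also covers RunOnce
GEO_KEY_FRAGMENT = r"\control panel\international\geo"

# Assumption: script hosts and LOLBins that should not normally talk to the network.
BLOCKLISTED_PROCESSES = {"wscript.exe", "cscript.exe", "mshta.exe",
                         "powershell.exe", "regsvr32.exe", "rundll32.exe"}
# Assumption: the user-mode network APIs the hook layer records.
NETWORK_APIS = {"InternetOpenUrlA", "InternetOpenUrlW", "HttpSendRequestA",
                "HttpSendRequestW", "WinHttpSendRequest", "WSAConnect", "connect"}


@dataclass
class ApiEvent:
    """One hooked API call, in the shape a behavioural sandbox records."""
    pid: int
    process: str
    api: str
    args: Dict[str, Any] = field(default_factory=dict)


# Constructed trace for this example; not the real sample's trace.
TRACE: List[ApiEvent] = [
    ApiEvent(1200, "wscript.exe", "RegQueryValueExW",
             {"key": r"HKCU\Control Panel\International\Geo", "value": "Nation"}),
    ApiEvent(1200, "wscript.exe", "RegSetValueExW",
             {"key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
              "value": "Updater", "data": r"wscript.exe C:\Users\Public\update.vbs"}),
    ApiEvent(1200, "wscript.exe", "InternetOpenUrlW",
             {"url": "https://cdn.example.net/stage2.bin"}),
    ApiEvent(1388, "stage2.exe", "NtSetInformationThread",
             {"ThreadHandle": -2, "ThreadInformationClass": THREAD_HIDE_FROM_DEBUGGER}),
    ApiEvent(1388, "stage2.exe", "NtCreateThreadEx", {"CreateFlags": 0x4}),
    ApiEvent(1388, "stage2.exe", "SetThreadContext", {"target_pid": 1500}),
]


def match_signatures(trace: List[ApiEvent]) -> Dict[str, List[int]]:
    """Map each signature name from the report to the sorted PIDs that triggered it."""
    hits: Dict[str, set] = defaultdict(set)
    for ev in trace:
        key = str(ev.args.get("key", "")).lower()
        value = str(ev.args.get("value", "")).lower()

        if ev.api.startswith("RegSetValue") and RUN_KEY_FRAGMENT in key:
            hits["Adds Run key to start application"].add(ev.pid)

        if ev.api.startswith("RegQueryValue") and GEO_KEY_FRAGMENT in key and value == "nation":
            hits["Checks computer location settings"].add(ev.pid)

        if ev.api in NETWORK_APIS and ev.process.lower() in BLOCKLISTED_PROCESSES:
            hits["Blocklisted process makes network request"].add(ev.pid)

        if (ev.api == "NtSetInformationThread"
                and ev.args.get("ThreadInformationClass") == THREAD_HIDE_FROM_DEBUGGER):
            hits["Suspicious use of NtSetInformationThreadHideFromDebugger"].add(ev.pid)

        if (ev.api == "NtCreateThreadEx"
                and ev.args.get("CreateFlags", 0) & THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER):
            hits["Suspicious use of NtCreateThreadExHideFromDebugger"].add(ev.pid)

        # Writing another process's thread context is the hollowing/injection tell;
        # a process adjusting its own threads is not flagged.
        if ev.api == "SetThreadContext" and ev.args.get("target_pid") not in (None, ev.pid):
            hits["Suspicious use of SetThreadContext"].add(ev.pid)

    return {name: sorted(pids) for name, pids in hits.items()}


if __name__ == "__main__":
    for name, pids in match_signatures(TRACE).items():
        print(f"{name}: pids {pids}")
```

The point of keying on the information class and the create flag rather than on the API name alone is that both calls are common in benign code; only the HideFromDebugger variants are an anti-analysis tell, which is why the report names them as such.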