General

  • Target

    Corel Contract.pdf.exe

  • Size

    31.9MB

  • Sample

    240509-gtl7hsge76

  • MD5

    fa0a845244e29f452ba64d1955402b70

  • SHA1

    4290a01fc6059372f47c36580699f61f258e0135

  • SHA256

    f5f4b491da95138521f2753f9d673b494ea17014ef4784d48a106a43be622115

  • SHA512

    3e5c171c9f30387444b44b1092220443e1c1c13c0a7480549f7949c48c14f8878bd7f34d6c1ae43c7b12f32d666b006f8ba3d294cc10ac9c0145910c25dd0228

  • SSDEEP

    393216:UVUdMsKOwv6aVsoHIwC1cBC8GGwIitdeWFgUHiMrwPVu/jKFdu9CwJsv6tzgmu:KQMsKqaVLBC1cKGwIitdeOgUHiMF/Wb

Score
10/10

Malware Config

Targets

    • Target

      Corel Contract.pdf.exe

    Score
    7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks