General

  • Target

    ba345a1a66446fba55ea23f82459da30632eb5e179d1ab00f3597dce8d97bdb6

  • Size

    1.4MB

  • Sample

    240523-cpqxpaad49

  • MD5

    ea57c831996b4c65b5dbebbee5a6ad1f

  • SHA1

    c42e83e04e0484136d0dfbeec4327a50208d63f5

  • SHA256

    ba345a1a66446fba55ea23f82459da30632eb5e179d1ab00f3597dce8d97bdb6

  • SHA512

    33c5c7d3b3351de144ee0b1e5fc1d5e848b0e91e9ee3bd142da796151bb821bcafbb9b288924bc6b7e4894ab9d8f57c95cfa559d08fa006fe7cbcb67840d13ca

  • SSDEEP

    12288:zTdHutP4ws2ERwu7FHH1Khx1NwkvrpJrqVonoV5Ekikwh:zTi4L2uwupn141xtxoV5Ok

Score
8/10

Targets

    • Target

      CONTRATTO-pdf.bat

    • Size

      869KB

    • MD5

      16aac40d13ff71f987a8895cc0f31fca

    • SHA1

      9a1a7ae7d79971f01e12a9804291e317a564b421

    • SHA256

      37723a2d00f77a033021a408e74b3ab780f65785a57d31d59633482b01291ccb

    • SHA512

      20a35605454025da9f7b426dea274aa8f660e28ba6bd7cef4bbf45c14c04a88c5fd8888f8c78055e110e036ddbd6d011e8461cd04e06c50aa6df1c738593dcc8

    • SSDEEP

      12288:2TdHutP4ws2ERwu7FHH1Khx1NwkvrpJrqVonoV5Ekikwh+:2Ti4L2uwupn141xtxoV5Okx

    Score
    8/10
    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell and hides the display window.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext
