Overview

overview

10

Static

static

3

invoice_23...df.exe

windows7-x64

10

invoice_23...df.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a15ba2635a8f374c4abd443c0b098352_JaffaCakes118

  • Size

    171KB

  • Sample

    240612-t4nvba1hlg

  • MD5

    a15ba2635a8f374c4abd443c0b098352

  • SHA1

    064fad0e327042cc0cbe0de2fbd5d9697eb2b5ae

  • SHA256

    ce5a0719b1a6ed6687dd768df2634927f24ad72d4c3b6d26b4a41bebeb8fd16b

  • SHA512

    60fccca989e2e893b9a05afa007111c1ac9eae280e271d5db05fabbb9beef54e1323930450c0d1ed24fd43d52c58f97c2ba266667e678da485d171b0d41425c9

  • SSDEEP

    3072:LGfv6O4Wc3uSUjxNoaOHFfRdcFMLmMUg+2sPWZuYacIR+/Rw88NsxKpzW:L/F3LUjvoRHFfbm39HhYTIRNixKpK

Score
10/10
evasionpersistence

Malware Config

Targets

    • Target

      invoice_2318362983713_823931342io.pdf.exe

    • Size

      247KB

    • MD5

      ea039a854d20d7734c5add48f1a51c34

    • SHA1

      9615dca4c0e46b8a39de5428af7db060399230b2

    • SHA256

      69e966e730557fde8fd84317cdef1ece00a8bb3470c0b58f3231e170168af169

    • SHA512

      6718e54a59b91537c41ac913f9d8d6ad97b08cf6a61a4d174458738579a33471ef357173fd9eb4d4c9652ed2bf86c41f6da3cdd20fd7af643cd9f5ee6c9e30d5

    • SSDEEP

      6144:Tz/LBBTHT+7oEf2ZstxQMSGToLoOhD2saLsW8fsmFBkObjD:PLBdy7FpQMlToThD+sW8fsmP7bj

    Score
    10/10
    evasionpersistence

    • Modifies firewall policy service

      evasion

    • Modifies security service

      evasion

    • Sets service image path in registry

      persistence

    • Deletes itself

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Adds Run key to start application

      persistence

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks