General

  • Target

    Платіжна_інструкція.pdf

  • Size

    124KB

  • Sample

    240614-lm5gqsyejk

  • MD5

    3e36278e82fe98eede8b9aa20c4100c0

  • SHA1

    4fa78e8f9957d7d3fdd325adca768a755249f46f

  • SHA256

    32e0f3fc12f1949e5ed8c3e346d1beaa283f8c26c28fe14a7ab18ab78fc354a2

  • SHA512

    0f7273afc5325bcd32056e2a87f473aec75e006b24c5d4af69fce3e20cb4dc020e8d6bb4495cddb07b98873957e62b7645032ed4a9dfc45c156fb38984397781

  • SSDEEP

    1536:0FzssWe6c7t6AAzHXBV/GtzRo34DYpsanqieOaKsmeOaKsn2Qa:0NdP7t6Akenanqysmsn2T

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

    yes

  • URLs (exe.dropper)

    http://fimdocuspon.ru/sportmaster/gymwin.exe

Targets

    • Target

      Платіжна_інструкція.pdf

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks