General
- Target: F24_023.pdf.js
- Size: 2KB
- Sample: 240618-pvbq6stdrg
- MD5: d07b33862ae532913f04117edb1c252c
- SHA1: b981c86e0a41aa9a298a3436b14c6c86d5c6dae3
- SHA256: e84a0e1c0a65c25debdef56aaab3c45130629fc05a93658f6ef63396ac93ba9d
- SHA512: 5ea8f391af3eb1b2c512b230406f2c14dc08b298379ffcc5aabdbef40c1246d616c4177ff99cc6b2833c061ee0b9e475d8bc681ada72283bdffb246712b9c1ab
Static task: static1
Behavioral task: behavioral1
- Sample: F24_023.pdf.js
- Resource: win7-20231129-it
Malware Config
Targets
- Target: F24_023.pdf.js (2KB; hashes identical to the General section above)
- Modifies visibility of file extensions in Explorer
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Downloads MZ/PE file
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Defense Evasion
- Hide Artifacts (1)
  - Hidden Files and Directories (1)
- Modify Registry (2)
- Subvert Trust Controls (1)
  - Install Root Certificate (1)
Credential Access
- Unsecured Credentials (2)
  - Credentials In Files (1)
  - Credentials in Registry (1)