bd60f3de34af2f263cd93e5456c777e0ced39dfc250f258f9029c266abc65144

Sharing

Copy URL

Twitter E-mail

General

Target

FW NEW RFQ PO1602.msg
Size

1.6MB
Sample

240813-rlspfayanc
MD5

96270f5823effbff153e9dba77a1c7f0
SHA1

f8e49f9ce2413f57836db531b63dfb3f70e49803
SHA256

bd60f3de34af2f263cd93e5456c777e0ced39dfc250f258f9029c266abc65144
SHA512

42c54bba7f91bb553c671822614d95f48d45d9f07f76800ef1cf020ef446d536cab16f92635663fe8ddc6efd294dd5ee0893ba9f814a871f06ab874c47228f2f
SSDEEP

24576:3Y0zjqgt/T38jty8hs4fPYmgrwaYZgAzzhfh4:I0qE/IjlffP2KZv9f

Score

10^/10

Malware Config

Targets

- Target
  
  Pepsico Company Profile.exe
- Size
  
  649KB
- MD5
  
  6fe36f5cd0c522ca1241658ec2553db3
- SHA1
  
  f197615adff4daace92fd2f0c4f266a6170aa464
- SHA256
  
  e7e5fbeb7606fdcdb246a9df4efaf2896a82cd335babded9231dd990a110628f
- SHA512
  
  2b288eab811c12a818d089d419b8e51ee0b3692274010303f968fae82dde99a82c8601621860222c3b365f64fcc6508310e51cf3a954414054822d293d39196b
- SSDEEP
  
  12288:BY0bffsWYCGpoTt4wT3eFjtyiyCgchaxpvQfSgYE:BY0zjqgt/T38jty8hs4fPYE
Score

7^/10

discovery
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/LangDLL.dll
- Size
  
  5KB
- MD5
  
  68b287f4067ba013e34a1339afdb1ea8
- SHA1
  
  45ad585b3cc8e5a6af7b68f5d8269c97992130b3
- SHA256
  
  18e8b40ba22c7a1687bd16e8d585380bc2773fff5002d7d67e9485fcc0c51026
- SHA512
  
  06c38bbb07fb55256f3cdc24e77b3c8f3214f25bfd140b521a39d167113bf307a7e8d24e445d510bc5e4e41d33c9173bb14e3f2a38bc29a0e3d08c1f0dca4bdb
- SSDEEP
  
  48:S46+/nTKYKxbWsptIpBtWZ0iV8jAWiAJCvxft2O2B8mFofjLl:zFuPbOBtWZBV8jAWiAJCdv2Cm0L
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  cff85c549d536f651d4fb8387f1976f2
- SHA1
  
  d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e
- SHA256
  
  8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8
- SHA512
  
  531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88
- SSDEEP
  
  192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  RFQ Data Sheet Technical Specifications Conditioning System Package_PFD.xls
- Size
  
  327KB
- MD5
  
  cc61a84acf7b534e532fab431480c33c
- SHA1
  
  88b007d75f1f24d6001b9e9257dc97c800c78ba2
- SHA256
  
  9b1162db6e8c02d209e9de6803f5639e9994b2752efcdae10462b5cc008e8218
- SHA512
  
  2d7bbefb32432330080224c8a167321e1b89d777edbac30e8cb7bd396505b7fd03c316d89d0721b49ccded8d6ec1d9aa8879d0a58b520138a7e80018f412168f
- SSDEEP
  
  6144:IrwfU+iLch1FKYPEpAMcZ0MnADLVw0EAq6aQozyPpFSncaI2bnfjt4E:IrwaYZ1eAMcZD/rOmgUnfh4
Score

10^/10

defense_evasion discovery execution
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Downloads MZ/PE file
- Evasion via Device Credential Deployment
  defense_evasion execution
- Drops file in System32 directory
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Loads dropped DLL

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext

Process spawned unexpected child process

Blocklisted process makes network request

Downloads MZ/PE file

Evasion via Device Credential Deployment

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8