General
Target: invoice_2318362983713_823931342io.pdf.exe
Size: 247KB
Sample: 240818-z15ljsxfpl
MD5: ea039a854d20d7734c5add48f1a51c34
SHA1: 9615dca4c0e46b8a39de5428af7db060399230b2
SHA256: 69e966e730557fde8fd84317cdef1ece00a8bb3470c0b58f3231e170168af169
SHA512: 6718e54a59b91537c41ac913f9d8d6ad97b08cf6a61a4d174458738579a33471ef357173fd9eb4d4c9652ed2bf86c41f6da3cdd20fd7af643cd9f5ee6c9e30d5
SSDEEP: 6144:Tz/LBBTHT+7oEf2ZstxQMSGToLoOhD2saLsW8fsmFBkObjD:PLBdy7FpQMlToThD+sW8fsmP7bj
Static task: static1
Behavioral task: behavioral1
Sample: invoice_2318362983713_823931342io.pdf.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: invoice_2318362983713_823931342io.pdf.exe
Resource: win10v2004-20240802-en
Malware Config
Targets
-
-
Target
invoice_2318362983713_823931342io.pdf.exe
Score: 10/10
Modifies firewall policy service
-
Modifies security service
-
Sets service image path in registry
-
Deletes itself
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (2)
Registry Run Keys / Startup Folder (2)
Create or Modify System Process (2)
Windows Service (2)
Privilege Escalation
Boot or Logon Autostart Execution (2)
Registry Run Keys / Startup Folder (2)
Create or Modify System Process (2)
Windows Service (2)