General

  • Target

    New Inquiry GLES Inquiry G-6463_pdf.scr.exe

  • Size

    707KB

  • Sample

    240825-lbb12syclq

  • MD5

    bf042cd4534d6c0d8ac3a0c5e64bb712

  • SHA1

    6a78d37da5382f5cf6be663b61bea6a1d453de3f

  • SHA256

    3d4448da176ca593c44a436d593ead1e955ec07b0981f0c3c2b49adae484d52e

  • SHA512

    a7ac032999c43e91719f7c98093d978e1f9b66fa374e2b9a903e1adb92af4ae31b9ebd73ae664dffb4c2fff09c4cfee861144249cecc95491ced57c899ea3fcd

  • SSDEEP

    12288:vVVyptXLpaHDNEzCvMcD+zJkWclGS01GjLQFVUmNQyH0n1UlIqyJMmotAKRJ:vVQDXGNEz/cauWcsS01Gj2xQyUnGO

Malware Config

Targets

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks