General

  • Target

    Nowe zamówienie.zip

  • Size

    7KB

  • Sample

    240909-lehm1a1drj

  • MD5

    4d268c0642686e9344c9761a77f21859

  • SHA1

    dfc2546db3b7e4ede60f0d3d176e981ecb1a1286

  • SHA256

    8b8b106d00671b48d72df517885e1c8444fc01d2072af30f304680e619c0a0dd

  • SHA512

    afa35136ed912e900b026af5dd822f69b0d8a47285435c3056612efefe6fba91342b78bbc99508063e4c2f28d451cf150816cc1bacb646f105bfcdcafc8ef07e

  • SSDEEP

    192:Uo23+gZje5lZa0qaZXmYBVc1yJ+U527Y+v+nfxtVdMq5/:Uo1gh2S0PZ0BU50Y+2nfxtVd55/

Malware Config

Targets

    • Target

      Nowe zamówienie.exe

    • Size

      17KB

    • MD5

      e1a906c8e061756213b4745e769a86db

    • SHA1

      a5a3af63dc82bbfc302f9b3471e6115e2d456056

    • SHA256

      8239559d5c986284031b5918e229e63e61ea790e35cd1e972241bd3ff36b5087

    • SHA512

      8e2e64c4376ad2059ebb31d9d2d7612b19de4520de69094d96375d1ba020319230d6687811bf359511498a9204af5df47649b9e820c9deb50e0862d805cc2545

    • SSDEEP

      384:visr/4fP4+g0az4F/4PI2zAybVofffFGdD:aWeWzAAvdD

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
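The two behavioural signatures above (a Run key written for persistence, and SetThreadContext used in the process-hollowing order) are the kind of thing worth re-deriving from a raw API trace when a sandbox verdict is disputed. The following is an added example, not code from the sandbox, the report or the sample: it replays a constructed, simplified trace in a `(pid, api, args)` shape (the trace format, the `updater` value name, `C:\Windows\target.exe` and the pids are placeholders, not values observed for this sample), raises the two signatures, and hashes arbitrary bytes against the SHA256 values listed in this report.

```python
"""Added example, not part of the sandbox report: replay a constructed API-call
trace and flag the two behaviours the report lists for the dropped executable,
plus match a file's SHA256 against the report's IOCs."""
import hashlib
import re

# SHA256 values copied from the report; the names are the report's target names.
REPORT_SHA256 = {
    "8b8b106d00671b48d72df517885e1c8444fc01d2072af30f304680e619c0a0dd": "Nowe zamówienie.zip",
    "8239559d5c986284031b5918e229e63e61ea790e35cd1e972241bd3ff36b5087": "Nowe zamówienie.exe",
}

# Matches both HKCU and HKLM variants; RunOnce counts as persistence too.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)$", re.IGNORECASE)

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit passed to CreateProcess

# Constructed trace in a simplified (pid, api, args) shape. Target path, value
# name and pids are placeholders, not values observed for the real sample.
TRACE = [
    (1234, "RegSetValueExW", {"key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
                              "name": "updater",
                              "data": r"C:\Users\user\AppData\Roaming\updater.exe"}),
    (1234, "CreateProcessW", {"path": r"C:\Windows\target.exe",
                              "flags": CREATE_SUSPENDED, "child_pid": 2222}),
    (1234, "WriteProcessMemory", {"target_pid": 2222, "size": 17408}),
    (1234, "SetThreadContext", {"target_pid": 2222}),
    (1234, "ResumeThread", {"target_pid": 2222}),
]

# A debugger attaching to a running process also calls SetThreadContext, but it
# never created the target suspended nor wrote a new image into it: must not fire.
BENIGN_TRACE = [
    (4321, "SetThreadContext", {"target_pid": 5555}),
    (4321, "ResumeThread", {"target_pid": 5555}),
]


def file_hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256/SHA512 of a sample, in the order the report lists them."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def match_report_ioc(data: bytes):
    """Return the report's target name if the bytes hash to a listed SHA256, else None."""
    return REPORT_SHA256.get(file_hashes(data)["sha256"])


def run_key_persistence(trace):
    """'Adds Run key to start application': any value written under ...\\CurrentVersion\\Run."""
    return [(pid, a["name"], a["data"]) for pid, api, a in trace
            if api.startswith("RegSetValueEx") and RUN_KEY_RE.search(a.get("key", ""))]


def suspicious_set_thread_context(trace):
    """'Suspicious use of SetThreadContext': the process-hollowing order
    CreateProcess(CREATE_SUSPENDED) -> WriteProcessMemory -> SetThreadContext
    -> ResumeThread, all aimed at the same child. SetThreadContext on its own is
    not enough to fire; the suspended create plus the write is what makes it suspicious."""
    stages = {}   # child pid -> set of stages seen so far
    findings = []
    for pid, api, a in trace:
        if api.startswith("CreateProcess") and a.get("flags", 0) & CREATE_SUSPENDED:
            stages[a["child_pid"]] = {"suspended"}
        elif api == "WriteProcessMemory" and a.get("target_pid") in stages:
            stages[a["target_pid"]].add("write")
        elif api == "SetThreadContext" and a.get("target_pid") in stages:
            stages[a["target_pid"]].add("setctx")
        elif api == "ResumeThread" and a.get("target_pid") in stages:
            if {"suspended", "write", "setctx"} <= stages[a["target_pid"]]:
                findings.append((pid, a["target_pid"]))
    return findings


if __name__ == "__main__":
    print("run key persistence:", run_key_persistence(TRACE))
    print("hollowing chain:", suspicious_set_thread_context(TRACE))
    print("benign trace:", suspicious_set_thread_context(BENIGN_TRACE))
    print("IOC match on empty input:", match_report_ioc(b""))
```

To use this against a real capture, feed `file_hashes()` the bytes of the archive or the extracted executable and compare against the General and Targets tables above; the trace functions expect the per-call records to be mapped into the same `(pid, api, args)` shape first.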

MITRE ATT&CK Enterprise v15

Tasks