General

  • Target

    C0R561638T119274554.eml

  • Size

    357KB

  • Sample

    240911-xk6skaxapk

  • MD5

    111cb653c031f56520855e4255705867

  • SHA1

    bdf58089ae84090ab7662de55d674ad8d007569a

  • SHA256

    ee6bd635882b8671a4dc5f087d23b486c8ec8a2cef029ebc7b54bed4f87cb87a

  • SHA512

    18b53afaf2f29872417999fbe1e4ab361e45e3243a7cd1fd24b43c1205646aa4bff5b8090a603e363fab035c27be9aff11c7d83d8c77531e3a556fd8f7daf52d

  • SSDEEP

    6144:M+z1aLOqtXg2dhx1iSjC28RPVt2wVlwC6Mb7gdd9b/L4Kd+sluwrkjm1Cye:M+ApXffC2uVsMb7MRL4KwU9rpC

Targets

    • Target

      DHL DOCUMENTS.pdf

    • Size

      209KB

    • MD5

      61b78af88b7a11495ce31f30e85b534b

    • SHA1

      a0719fd5cfef8f5e0218478144af0a9adf12d093

    • SHA256

      e940aeb482ec2ce42490dbbfcae479653f3faed641e6240d5d215da66dd07611

    • SHA512

      0578750f5c06cc208c9c21680d6ae206cb46a3023dc90dcc3f7b8e0fe2303cb17fcb2b0d101e49c975229a6ea82cf796790ed7da98a22f33db9577010a4cdd94

    • SSDEEP

      3072:eRU/Xl9OdKwPk77hXigudfY241JuphB+WTPL8912eS4Ay1cGtZhJGYVu2NA8cH:bKk7Bsfw1SB+2PLE2jyNZhJt8L

    • Score

      3/10

    • Target

      Label_waybill_original_BL_invoice_packinglist_shipment_09_11_2024_0000000000000000000000000000_pdf.bat

    • Size

      4KB

    • MD5

      bdb2ee22df97ebe7dea52b5c6479e175

    • SHA1

      2d53f84181ca00a1c0eb6a9761e23111b90d2b43

    • SHA256

      a811d2e739d43b7394a0d9ebf5f710827a7d19316039fe76e6ea0fb50ead366e

    • SHA512

      b559cc4a03ed9161688e5eb62adfc57baad6e845ae26c39ef471e37d121d01cd9e50a590b8e4da9a2eb74e35451ae108593bf8f1cadd7a572888b3567cf474d6

    • SSDEEP

      96:JALO6TU9QVMzpFNaRiZhX1IkXMN8LIw67q4+p36ZfJ/LK:cO6TU9PzZaRuhlIkXMScw6G4u6/LK

    • Score

      8/10

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Run PowerShell and hide display window.
