General

  • Target

    Rechnung0192839182.pdf

  • Size

    88KB

  • Sample

    241010-gp7mnayhlf

  • MD5

    b42da2c97afc62d51147fb36e96a648e

  • SHA1

    ad631d0c4bef6b941bd61ff2860629e654a6c394

  • SHA256

    bfd58f9f8557a8f8e8ddf4fad14a8588d1a529647c5aa170c0ed1bcf065fc287

  • SHA512

    228db4bb8a54a80a19ac47744acb2bc70125bf73f5974b6cf45644544a1af1864a79a0648676904fd859956892c538e8d65d008cca3a8d9c58d6faa0a760a3fb

  • SSDEEP

    1536:oFdBt4uc0o9uqdh+XICvr/HZ9QDUIWEtZgowq8sAsz+2Vb:cfnokwoIar/Htc+sAsz/b
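Before analysing a sample against this report, confirm the file you actually hold is the one the report describes. The following is an added example, not part of the sandbox report: it recomputes the report's fixed-size hashes over a local file in one streaming pass and compares them with the values listed above, flags a malformed expected value (a truncated hash pasted from a ticket) separately from a genuine mismatch, and parses the ssdeep signature into its block size and two chunk hashes. Computing a fuzzy hash itself needs the ssdeep library and is not done here; the sample path in the `__main__` block is hypothetical.

```python
"""Check that a sample on disk is the one this report describes."""
import hashlib
import os

# Hash values copied verbatim from the report's "General" section.
REPORT_HASHES = {
    "md5": "b42da2c97afc62d51147fb36e96a648e",
    "sha1": "ad631d0c4bef6b941bd61ff2860629e654a6c394",
    "sha256": "bfd58f9f8557a8f8e8ddf4fad14a8588d1a529647c5aa170c0ed1bcf065fc287",
    "sha512": "228db4bb8a54a80a19ac47744acb2bc70125bf73f5974b6cf45644544a1af186"
              "4a79a0648676904fd859956892c538e8d65d008cca3a8d9c58d6faa0a760a3fb",
}
REPORT_SSDEEP = "1536:oFdBt4uc0o9uqdh+XICvr/HZ9QDUIWEtZgowq8sAsz+2Vb:cfnokwoIar/Htc+sAsz/b"

# Hex digest length per algorithm; a value of the wrong length is a
# copy/paste error in the expected hashes, not a mismatch.
HEX_LENGTHS = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}
HEX_CHARS = set("0123456789abcdef")


def hash_stream(chunks, algorithms=tuple(HEX_LENGTHS)):
    """Feed an iterable of byte chunks to every algorithm in a single pass."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data, algorithms=tuple(HEX_LENGTHS)):
    return hash_stream([data], algorithms)


def hash_file(path, algorithms=tuple(HEX_LENGTHS), chunk_size=1 << 20):
    """Hash a file in chunks so large samples do not have to fit in memory."""
    with open(path, "rb") as fh:
        return hash_stream(iter(lambda: fh.read(chunk_size), b""), algorithms)


def compare_hashes(actual, expected):
    """Return {algorithm: matched?} for every expected value.

    Raises ValueError when an expected value is malformed, so a truncated
    hash is reported as such rather than silently as "no match".
    """
    verdict = {}
    for name, want in expected.items():
        want = want.strip().lower()
        if len(want) != HEX_LENGTHS[name] or not set(want) <= HEX_CHARS:
            raise ValueError(f"malformed {name} value: {want!r}")
        verdict[name] = actual[name] == want
    return verdict


def parse_ssdeep(signature):
    """Split an ssdeep signature into its block size and two chunk hashes.

    The format is "blocksize:hash1:hash2"; hash2 is computed with twice the
    block size, which is what lets signatures of neighbouring block sizes
    be compared at all.
    """
    parts = signature.split(":")
    if len(parts) != 3 or not parts[0].isdigit():
        raise ValueError(f"not an ssdeep signature: {signature!r}")
    return {"blocksize": int(parts[0]), "hash1": parts[1], "hash2": parts[2]}


def verify_sample(path, expected=REPORT_HASHES):
    """Hash a file on disk and compare it with the report's values."""
    return compare_hashes(hash_file(path, tuple(expected)), expected)


if __name__ == "__main__":
    # Hypothetical path: point it at the sample you actually obtained.
    sample = "Rechnung0192839182.pdf"
    if os.path.exists(sample):
        for name, ok in verify_sample(sample).items():
            print(f"{name:6} {'match' if ok else 'MISMATCH'}")
    print("ssdeep block size:", parse_ssdeep(REPORT_SSDEEP)["blocksize"])
```

A sample whose SHA256 matches but whose MD5 does not is a sign of a corrupted copy of the expected values, not of a collision; treat any mismatch as "wrong file" until the hashes in the report have been re-checked at the source.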

Malware Config

Targets

    • Target

      Rechnung0192839182.pdf

    • Detects HijackLoader (aka IDAT Loader)

    • HijackLoader

      HijackLoader is a multistage loader first seen in 2023.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely for geofencing.

    • Executes dropped EXE
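The three behavioural signatures above (a process spawning an unexpected child, a lookup of the configured country code in the registry, and execution of a file the trace itself dropped) are the kind of check a sandbox or EDR applies to process-creation, file-write and registry-read telemetry. The block below is an added example, not the sandbox's own signature code: it replays a constructed trace and emits one finding per matched check. The document-reader names, the allow-list of helper processes a reader may legitimately spawn, the registry key assumed to hold the country code, and the trace itself are assumptions made for the example and do not describe what this sample did.

```python
"""Apply the report's three behavioural checks to constructed host telemetry."""
from dataclasses import dataclass
import ntpath


@dataclass
class Event:
    ts: int
    kind: str               # "process", "file_write" or "reg_read"
    pid: int                # process the event belongs to (the new child for "process")
    image: str              # image path of that process
    target: str = ""        # path written ("file_write") or key read ("reg_read")
    ppid: int = 0           # "process" only
    parent_image: str = ""  # "process" only


@dataclass
class Finding:
    kind: str
    ts: int
    detail: str


# Assumptions for the example: which parents count as document readers, which
# children they may legitimately spawn, and which key holds the country code.
DOCUMENT_READERS = {"acrord32.exe", "acrobat.exe", "foxitreader.exe"}
EXPECTED_CHILDREN = {"rdrcef.exe", "acrocef.exe"}
GEO_KEY_FRAGMENT = r"control panel\international\geo"


def base(path):
    return ntpath.basename(path).lower()


def analyse(events):
    """Walk events in time order and emit one Finding per matched check."""
    findings = []
    dropped = {}  # lower-cased path -> pid that wrote it earlier in the trace
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.kind == "file_write":
            dropped[ev.target.lower()] = ev.pid
        elif ev.kind == "process":
            parent, child = base(ev.parent_image), base(ev.image)
            # "Process spawned unexpected child process"
            if parent in DOCUMENT_READERS and child not in EXPECTED_CHILDREN:
                findings.append(Finding("unexpected_child", ev.ts,
                                        f"{parent} (pid {ev.ppid}) spawned {child} (pid {ev.pid})"))
            # "Executes dropped EXE": the image was written earlier in this trace
            writer = dropped.get(ev.image.lower())
            if writer is not None:
                findings.append(Finding("executes_dropped_exe", ev.ts,
                                        f"{ev.image} was written by pid {writer} before it ran"))
        elif ev.kind == "reg_read" and GEO_KEY_FRAGMENT in ev.target.lower():
            # "Checks computer location settings"
            findings.append(Finding("checks_location", ev.ts,
                                    f"{base(ev.image)} (pid {ev.pid}) read {ev.target}"))
    return findings


READER = r"C:\Program Files\Adobe\Acrobat Reader\AcroRd32.exe"
DROPPED = r"C:\Users\user\AppData\Local\Temp\upd.exe"

# Constructed trace for illustration; it is not the behaviour of this sample.
SAMPLE_TRACE = [
    Event(1, "process", 1200, READER, ppid=800, parent_image=r"C:\Windows\explorer.exe"),
    Event(2, "process", 1210, r"C:\Program Files\Adobe\Acrobat Reader\RdrCEF.exe",
          ppid=1200, parent_image=READER),  # expected helper, no finding
    Event(3, "file_write", 1200, READER, target=DROPPED),
    Event(4, "process", 1300, DROPPED, ppid=1200, parent_image=READER),
    Event(5, "reg_read", 1300, DROPPED, target=r"HKCU\Control Panel\International\Geo\Nation"),
]


if __name__ == "__main__":
    for f in analyse(SAMPLE_TRACE):
        print(f"t={f.ts} {f.kind}: {f.detail}")
```

The dropped-EXE check deliberately keys on the written path rather than on the writer's identity, so a file dropped by one process and launched by another is still caught; the cost is that any legitimate installer that writes and then runs a binary also matches, which is why the sandbox reports it as one signal among several rather than a verdict.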

MITRE ATT&CK Enterprise v15

Tasks