Overview

overview

8

Static

static

1

Order requ...df.exe

windows7-x64

8

Order requ...df.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Order requirements CIF Greece_pdf.7z

  • Size

    737KB

  • Sample

    241121-nyjqhssjat

  • MD5

    ef547d88db716c0e6bd13b79e7887bd8

  • SHA1

    ebf37f75eea58064ebb58174f7771ceaa1cd626d

  • SHA256

    7f13b9acd4eceebec592a638b86b9fec45ceb1117784384a67c04f3b053a2a27

  • SHA512

    6f3e46cbcf80af193bd6aeba0128f32960c582ca7bc3a9feb06efa0cb668f57f5ca3addc9745400fa4a83c60d87311301907b5cfa215e168b799c2ac59ceda7e

  • SSDEEP

    12288:GZnJkCzMTEMbQGpAylHDKo9WpNQjdQ2Ekp26SsgLQBlQJV7mN8vqe/:GZnJ/MbQGpAylyNKtbS1MoVM8vX

Score
8/10
discoveryexecution

Malware Config

Targets

    • Target

      Order requirements CIF Greece_pdf.exe

    • Size

      813KB

    • MD5

      998e394361bd54c58a1ad2092fca8b6c

    • SHA1

      c68e7856324a50c04ee5e1de46952ecaed47eff7

    • SHA256

      87f519d29ebc3fb1b6bed4a5e7ac4865b029da69d2608548a8db34e4069673ec

    • SHA512

      bb7af9d97e4fed96e000048828826f715fa3f229058326da25cf535629e567389b6129e72b6ef214937f0429d74d35598a7f440af6221ecc56ddeea86f9733b1

    • SSDEEP

      12288:a7CBVenOxJUbx7lU0hbB6y3bn6vlP9Ia8GIbPYkAdwvLRPC6Oe73MFce:6G+OxmF7mSB6yrnMIacPYkAevLRPJyF

    Score
    8/10
    discoveryexecution

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Blocklisted process makes network request

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks