Overview

overview

8

Static

static

3

38f8f20eae...bc.pdf

windows10-2004-x64

8

Resubmissions

06-12-2024 10:33

241206-mlpwbssrct 10

06-12-2024 10:28

241206-mh1tessqbs 8

06-12-2024 02:25

241206-cwfeja1mgn 3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    38f8f20eae06e575938ffbeb64e31c9310e8c0ab50a2bc231f3aa9777abc3dbc.pdf

  • Size

    16KB

  • Sample

    241206-mh1tessqbs

  • MD5

    e51378e49d1aa79ce88c018d748a186c

  • SHA1

    d2e31a96af911a0cf932ec860ce839e254fbd5c8

  • SHA256

    38f8f20eae06e575938ffbeb64e31c9310e8c0ab50a2bc231f3aa9777abc3dbc

  • SHA512

    0f28b75712bcc9307e8bfe0b9c692cf1f582c957a718dde3eed7485c4e050075ef45ad49f57ade1536ac6b4c6418a26656318bc630156936892fd2c999fa0604

  • SSDEEP

    384:9q3MsrhjEN4gQ3micNexY27IEPCUSkSaHTeOHAgJlATCUSN:9q3prh04d2aFU2dHTDHv62

Score
8/10
discoverylinkmotwpdfpersistencephishing

Malware Config

Targets

    • Target

      38f8f20eae06e575938ffbeb64e31c9310e8c0ab50a2bc231f3aa9777abc3dbc.pdf

    • Size

      16KB

    • MD5

      e51378e49d1aa79ce88c018d748a186c

    • SHA1

      d2e31a96af911a0cf932ec860ce839e254fbd5c8

    • SHA256

      38f8f20eae06e575938ffbeb64e31c9310e8c0ab50a2bc231f3aa9777abc3dbc

    • SHA512

      0f28b75712bcc9307e8bfe0b9c692cf1f582c957a718dde3eed7485c4e050075ef45ad49f57ade1536ac6b4c6418a26656318bc630156936892fd2c999fa0604

    • SSDEEP

      384:9q3MsrhjEN4gQ3micNexY27IEPCUSkSaHTeOHAgJlATCUSN:9q3prh04d2aFU2dHTDHv62

    Score
    8/10
    discoverymotwpersistencephishing

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Mark of the Web detected: This indicates that the page was originally saved or cloned.

      phishingmotw

    • Drops file in System32 directory

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks