General

  • Target: PW_infected_Cumminscederberg-In-Service Agreement_pdf.zip
  • Size: 85KB
  • Sample: 241213-qf33js1mek
  • MD5: 86dcf0cc8a18e7d3612199a55b291f98
  • SHA1: 6999828c81da5d37fa44e71f21459f46922e6856
  • SHA256: 764f1d923c530126c9e4b1b214fe349387a49c68f93d6724ba46b4dfb63e0153
  • SHA512: c05353b772788a5250677f508f72aed03883ec199592f9e165907fd49ec647126d0b5e9eb81b5f8fbb04fe936b7306bb14028b3d66b9b12cf43f4de402a492df
  • SSDEEP: 1536:FdPH5Nbqbaxa3248O4zcjcAt+pXdHx1exxHjkzu6OVuRrJJJ8sLQhaE:hNGB24B4AIAtOlxQfVu3JNW

Malware Config

Targets

    • Target: Cumminscederberg-In-Service Agreement.pdf
    • Size: 96KB
    • MD5: 539a74eb54b16527b26843d67c78066c
    • SHA1: 24bcdd9d108159175da1fca4927d73a09a5435dd
    • SHA256: bb7a706618ce2ae0e544cd69f45af9be0ccba23674c91509d88e68df2d2fce89
    • SHA512: a59d0d6659a142b3b39b1520065163cc0d6f3cd6d21d45ba9b3325f88c91229d71b9b07e31f130b57b5545765bd7e475bfef60fdcf7aee87cccf7f683ab84210
    • SSDEEP: 3072:bEUZMkDIp5x2FiL3MKu0cvMYPWmSSnk9Vw3p:5Mk0p5xH7z/5mSr0

    • A potential corporate email address has been identified in the URL: [email protected]

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Detected potential entity reuse from brand MICROSOFT.

MITRE ATT&CK Enterprise v15

Tasks