General

  • Target: 4dba6e3afcba60ce8dbacf4658c61235beb77d8fadbaa04b332caa635f0a586b
  • Size: 724KB
  • Sample: 241217-hvzdxavkcp
  • MD5: 89d0c6258f667d40f217880da85c4217
  • SHA1: 0d8a676af02810b4fd0cb6f1730c864ba4adbcba
  • SHA256: 4dba6e3afcba60ce8dbacf4658c61235beb77d8fadbaa04b332caa635f0a586b
  • SHA512: cb23438c3a7f2f00350b122178284e4fc1cf4d8188591dcf55f31beb7b779674a62d098ae0d7c545fb8611b0d9d8f334c1815bfdae24b2a08e1b0ed1946f8e9e
  • SSDEEP: 12288:o6C6xtQ7DTbC4fVeR+S0QZ4RcuLXa9kljR0hE/V5DeAsjFtLEijNu7V0S:nxQTblegS0QuVLX7j55R8FtIi8Vn

Score: 8/10

Targets

  • Target: PURCHASE ORDER 006-2024 GIA-AV Rev 1_pdf.exe
  • Size: 831KB
  • MD5: c4faffa021478685316c135cd34ed748
  • SHA1: df5fafcc42f6a31cf4f6ac615f3716b456d09d5f
  • SHA256: 1e23b22ac7911dd458acdaaccfd418304a450c938c8ec466d8fbc48fd0e6d9bd
  • SHA512: 432b2d8d82336779fbf63d29377b17ea912ab6b371f92e2c6d741a0e04bd27e618e9a723f2f5b6d39cdb00cf1d3104bd2ecd83b982965ba3387119f42dd7e51c
  • SSDEEP: 12288:9/AKvOLTbCKfneL+I0gr4Rc6LXaZMljR0lE/V5Je0sZptLOijNu7D0p:6oOLTb7e6I0g8HLX7jH5toptKigD2

  Score: 8/10

  Signatures
  • Command and Scripting Interpreter: PowerShell (runs PowerShell with the display window hidden)
  • Blocklisted process makes network request
  • Legitimate hosting services abused for malware hosting/C2
  • Suspicious use of NtCreateThreadExHideFromDebugger
  • Suspicious use of NtSetInformationThreadHideFromDebugger
