8172cef7c7108c54ff2f99f798f2f7417253126bb30e549ce9156882fabd833f

General

Target

OBNOVLJENI UGOVOR-pdf.bat
Size

1.0MB
Sample

250218-k5jgjszry9
MD5

1213fb56fcf7a24897e8a0a0934f4a19
SHA1

6bdba42ed5ca591380caeb06474ff475e63d9b65
SHA256

8172cef7c7108c54ff2f99f798f2f7417253126bb30e549ce9156882fabd833f
SHA512

d812565e3890be7c36d0dbe40ef566a74b63c4ee3f534f84b86a103aa235f202404a3850d23cbb957b502bd9314894754971028372a5c4b249a225e8398ce885
SSDEEP

24576:18wmJn6Nt823fzXDkDqxJeAKA5FbcJ0pGehLGYzJAkWo:13m6Nt8kDcq75FUTaLGsJBW

Score

8^/10

Malware Config

Targets

- Target
  
  OBNOVLJENI UGOVOR-pdf.bat
- Size
  
  1.0MB
- MD5
  
  1213fb56fcf7a24897e8a0a0934f4a19
- SHA1
  
  6bdba42ed5ca591380caeb06474ff475e63d9b65
- SHA256
  
  8172cef7c7108c54ff2f99f798f2f7417253126bb30e549ce9156882fabd833f
- SHA512
  
  d812565e3890be7c36d0dbe40ef566a74b63c4ee3f534f84b86a103aa235f202404a3850d23cbb957b502bd9314894754971028372a5c4b249a225e8398ce885
- SSDEEP
  
  24576:18wmJn6Nt823fzXDkDqxJeAKA5FbcJ0pGehLGYzJAkWo:13m6Nt8kDcq75FUTaLGsJBW
Score

8^/10

discovery execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2
- Target
  
  Traadspinderiets.Har
- Size
  
  55KB
- MD5
  
  eaf1df4bc77cdca234e0a8a155a74e3f
- SHA1
  
  61f58bb82f000bd22b7de7dfbea00c112ec449a0
- SHA256
  
  924cc16bec1beea5a48efaf045bfc0453c1d32f85d856fdbfbbae9e9ce2df109
- SHA512
  
  9aba70b35202a526c79539ad2cdddaeb3ce0d6c6a5ee4ddf9ac5e74bf9b2c6827f723f17bd29b0944a32610171947cb0337f1ac0e6feb76d85a425ee69666246
- SSDEEP
  
  1536:MGhmBtngbXTs7LvRrq9s18xo9GegSZ/DaPDI:NotgLTgrAQbUE
Score

8^/10

execution persistence
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral3 behavioral4