General

  • Target

    proforma invoice.exe

  • Size

    426KB

  • Sample

    200624-lxa7c3xr9e

  • MD5

    9e589779b1777914e2fd220aa90841c1

  • SHA1

    94d8313b3769e059e11a73c122204f229403e823

  • SHA256

    6f03cb7c4d22e4580f919f348c2f35ec39efff0ac267c0e39833baf906c6bc06

  • SHA512

    e3e8eb235e898e5c413abc9faab86817bb65b3435f01895a4499c2e575a2dd9de8cdd94c3ffa24caeaeef8a6aa35012cfc078ba2c37804cbc62385a83f333379

Score
7/10

Malware Config

Targets

    • Target

      proforma invoice.exe

    • Drops startup file

    • Adds Run entry to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    Registry Run Keys / Startup Folder (T1060): 1

  • Defense Evasion

    Modify Registry (T1112): 1

Tasks