General
Target: 04072024_1523_04072024_Payment INV-373728_pdf.gz
Size: 13KB
Sample: 240704-ssf5naycnl
MD5: 3f53bf0bed233825c9ffd41ff2368698
SHA1: 6cd45056d738138f6f6e01af7dfd3aef1bd4985f
SHA256: 6fa9dda2a50a4d62342e455cc4a843b30bf25e9f6bca23329607ed1eab36b89e
SHA512: acd67a7ce56306624cc2499850f492c174105416002140f39f1cd3cf16081c050261960fa3449584517c51a3b38ab2a88d44b0674e0aba1e580a9121422c43d6
SSDEEP: 384:2Xwsc+PEIPEI+halF053JndHamYFbj6fWsfM:2gscQXIeF09Tamw6fK
Static task: static1
Behavioral task: behavioral1
Sample: Payment INV-373728_pdf.vbs
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: Payment INV-373728_pdf.vbs
Resource: win10v2004-20240611-en
Malware Config
Targets
Target: Payment INV-373728_pdf.vbs
Size: 22KB
MD5: f15820905822cf3b2f11e3c34c3ea408
SHA1: 1d37cfb741fc1b2fa2a47c088dc9f88edf01a501
SHA256: 31a6818ba439d39bdae897b77513d3a92d27bc3f93b5b1a5aaf1d77ec5e49738
SHA512: 4fcc64060f8b747d849f926501e17512098a6736ba23b2f3de0c4073fa76ab58f0629bf828db56c025dd3ce870c033e2db18bd12028f985c5d5921c567d17358
SSDEEP: 384:Ixr9nWbJlZMmn6nDz1mFYAf+dTRyIK53A5NCFm7Ar+rZsezJy7SAls1/CSAZ9TkQ:IxrYbvZMmn6DhmFYAf+dTYIKtwIslPsf
Score: 10/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext