General
Target: SAMPLE.SPECIFICATION.ORDER.PDF.Gz.exe
Size: 486KB
Sample: 211112-mbdqbaabcr
MD5: 1675ee820ee582757aaaaff970676b81
SHA1: 5df5eabc559c85884ecbe224ba8bc98d99a63ecf
SHA256: c552847e3e465af426770867050cca43a6cafb7bcf6ea126ca6ed09fc0971155
SHA512: 14e7ea207ae9258180f899e580be6744944f372a48572942896e51dc7c7e82bca9ec7410acd5cb0ed9a59a6aeb8e8f85ea5553141e0c7ba2a2449ee9dac741f4

Static task: static1

Behavioral task: behavioral1
Sample: SAMPLE.SPECIFICATION.ORDER.PDF.Gz.exe
Resource: win7-en-20211014

Behavioral task: behavioral2
Sample: SAMPLE.SPECIFICATION.ORDER.PDF.Gz.exe
Resource: win10-en-20211104
Malware Config
Targets
Target: SAMPLE.SPECIFICATION.ORDER.PDF.Gz.exe
Size: 486KB
MD5: 1675ee820ee582757aaaaff970676b81
SHA1: 5df5eabc559c85884ecbe224ba8bc98d99a63ecf
SHA256: c552847e3e465af426770867050cca43a6cafb7bcf6ea126ca6ed09fc0971155
SHA512: 14e7ea207ae9258180f899e580be6744944f372a48572942896e51dc7c7e82bca9ec7410acd5cb0ed9a59a6aeb8e8f85ea5553141e0c7ba2a2449ee9dac741f4

- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext