General
-
Target
2f8db7ebe4e9de5f49fba5d9ff8eeb7e758aff7a1514d7de7d68d9869c95e135
-
Size
480KB
-
Sample
220621-yrn2rsedh9
-
MD5
c8fb97a8a400781bf8f7e3d2ab66e95a
-
SHA1
2f42b75e629ddd394e6cbefea073ad6671882e5a
-
SHA256
2f8db7ebe4e9de5f49fba5d9ff8eeb7e758aff7a1514d7de7d68d9869c95e135
-
SHA512
dec78f6209cd8c2f673234761dccf97aa692cccbb856d2a7f1e6a0695ca57c9d1938dd091c648819fc94bb017c1927305ad1ba3204c0d2aa4d5a328ad7ad3011
Static task
static1
Behavioral task
behavioral1
Sample
2f8db7ebe4e9de5f49fba5d9ff8eeb7e758aff7a1514d7de7d68d9869c95e135.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
2f8db7ebe4e9de5f49fba5d9ff8eeb7e758aff7a1514d7de7d68d9869c95e135.exe
Resource
win10v2004-20220414-en
Malware Config
Targets
-
Target
2f8db7ebe4e9de5f49fba5d9ff8eeb7e758aff7a1514d7de7d68d9869c95e135
-
Score
7/10
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-