General
Target: 2de29c17c68dd52af710a954c63d331e6b7e2fdb914c9122ea5cd6652943c216
Size: 934KB
Sample: 220622-qha5jsaae8
MD5: 6ca909d83984034a7c5e10651f013fbf
SHA1: 31acefacff84d791f1f5a89c3af0d4cdeaede3ca
SHA256: 2de29c17c68dd52af710a954c63d331e6b7e2fdb914c9122ea5cd6652943c216
SHA512: 990f9dda388d71557e216f46fbc43c6fadb6c5927f4865c7f83080c66254ab29c9a54bb025551ec9976ef9f928336272e6ceac18560de440f703c5497fa8b1e0

Static task: static1

Behavioral task: behavioral1
Sample: 2de29c17c68dd52af710a954c63d331e6b7e2fdb914c9122ea5cd6652943c216.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: 2de29c17c68dd52af710a954c63d331e6b7e2fdb914c9122ea5cd6652943c216.exe
Resource: win10v2004-20220414-en

Malware Config
Targets
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext