General
Target: f8cd4a33eda9a85b62efa976b8ab19439064247858796405e4fb1cc1c3443b8c
Size: 2.7MB
Sample: 220701-dxfmcsaack
MD5: 1d5e6ffddf61cdd7d45facea5170b492
SHA1: 3329bc4cfbfd1c89a20624385cec7f6dc75eedfd
SHA256: f8cd4a33eda9a85b62efa976b8ab19439064247858796405e4fb1cc1c3443b8c
SHA512: e40a143845422c9702519c8c13f45c55cf8a7fa1bad5d0a7ae38c752146be1ec7b35019f258f3ecc1dffaf8e8313d1070f6589752a50ae772bf13ee24967ddf3
Static task: static1
Behavioral task: behavioral1
  Sample: f8cd4a33eda9a85b62efa976b8ab19439064247858796405e4fb1cc1c3443b8c.rtf
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: f8cd4a33eda9a85b62efa976b8ab19439064247858796405e4fb1cc1c3443b8c.rtf
  Resource: win10v2004-20220414-en
Malware Config
Targets
Target: f8cd4a33eda9a85b62efa976b8ab19439064247858796405e4fb1cc1c3443b8c
Executes dropped EXE
Loads dropped DLL
Uses the VBS compiler for execution
Accesses Microsoft Outlook accounts
Adds Run key to start application
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext