General
Target: 48d03fa14ce46213813b8f982d48c168c7522be272d6b38a2b34743890e6120e
Size: 648KB
Sample: 221003-bpph7aadc6
MD5: 6f1efdc80f87d1b895004a26c2948210
SHA1: cae36f996570f5e520dca5e764bf7815dd490675
SHA256: 48d03fa14ce46213813b8f982d48c168c7522be272d6b38a2b34743890e6120e
SHA512: eec4c05ba75b988fc461a777ee97d38c49093919de2a633dd68a9baf6892e9dfb54efd0675f9cb5df1da6429b02294a6cee921c51ee35871c86144b2f0d1322e
SSDEEP: 12288:j9ogAOvlpTyhX9oRZ17/gDXsa0mFzPOncImbp3hTRkWaQemLZN:j+gAwvTyhX9AgDXsa0mZPfIgp3hTCWa
Static task: static1
Behavioral task: behavioral1
  Sample: 48d03fa14ce46213813b8f982d48c168c7522be272d6b38a2b34743890e6120e.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 48d03fa14ce46213813b8f982d48c168c7522be272d6b38a2b34743890e6120e.exe
  Resource: win10v2004-20220901-en
Malware Config
Targets
- Drops startup file
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext