General
- Target: 09876789.PDF.ISO.zip
- Size: 499KB
- Sample: 221027-rmvkescdgk
- MD5: 08aaf0c554929b6a9f030561e2e1617b
- SHA1: 858540fec5a75500172ce18ca645fcb2d5f159eb
- SHA256: 66aba750defce5cd91b0b49e1d220dee17eb71ec88ced2743c7990ef10c15da4
- SHA512: 21d9660f10c0e59d40608eabde125e14c00d89538debfbd447d1ae060d298ff705d2df11c20a44176369a3a43783b2b6e823c7ece851dc300d0f639d7d545930
- SSDEEP: 12288:OilmQN3TiKYs8ecDrhCw5+lq1/zwu/OiwbZ39o1Bl7BJGhG:pkQ0KYs8fF5+ly7L/OZ3yBb4hG

Static task: static1

Behavioral task: behavioral1
- Sample: 09876789.exe
- Resource: win7-20220812-en

Behavioral task: behavioral2
- Sample: 09876789.exe
- Resource: win10v2004-20220812-en

Malware Config

Targets
- Target: 09876789.exe
- Size: 534KB
- MD5: 059ad08d9e8eef31013b815016bf2c50
- SHA1: ec7aca3235e337104cae18b08519445907e33400
- SHA256: 7e8cb2531d08a6c664969bcbecbdb946fd7e3088ee8a3b4dab805536bf026571
- SHA512: 5f496575852ca180ca92df1aeaa221613259d1666936c37602f5ca605a24b8dc3394cb0323683bfef257f9b71e9235984482482df237afe4cf59ed232a30ff68
- SSDEEP: 12288:lnC3ziKYs6O6D7zkoT+lqp/7Iu/O2ybZx9Y9rl7jjGH1:ln5KYs6ZlT+lQTD/O3BArRCH1
- StormKitty payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext