General

  • Target

    1763ad148de09495046cc9a91d6fd031774b2a2eff82e89cdd4ade9c78b43618

  • Size

    815KB

  • Sample

    221120-p9ljxshd7t

  • MD5

    409cfc9a5eb2e101e3d573cc88abc2d0

  • SHA1

    379eadd0fd0b12ac6dcb2d01e0fa71f241cc15e8

  • SHA256

    1763ad148de09495046cc9a91d6fd031774b2a2eff82e89cdd4ade9c78b43618

  • SHA512

    22ed69700d5cee30e2ff1d28c3aae4fba259ad53ea2c61eee606ee01ae4e68d4a944bfb5f21760b40cce660cbc58aef9a83f568bf632bf8cf1c13d5eaa8e9101

  • SSDEEP

    24576:4t24ksGmtAGhfN9C8CUbQIdNn3d+qEzLZ3qNQYFq:iPLBOUbtn3d+qUIOIq

Malware Config

Targets

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Detected potential entity reuse from brand microsoft.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks