General
-
Target
0bae1f5243ee21062dd56285454a0862516d7f22d7f9f6bd798c24baf048ee5c
-
Size
1.1MB
-
Sample
221126-aq52wsce9t
-
MD5
be77119e22610ed15c2c80807d895225
-
SHA1
c252c1dbe02adb8b327a319224e016181d023762
-
SHA256
0bae1f5243ee21062dd56285454a0862516d7f22d7f9f6bd798c24baf048ee5c
-
SHA512
716ee6b8cace20ca686a7ab82c25236504c633b0bb274ca75f590d25f6506b6bb4d5c54f7b1f09635208b04062981369303070e236f1b6618b897c2e3162e192
-
SSDEEP
24576:52LTkXBwWja4SlukeeKL0xJaqT//aqT8E94Tf3C:ox6
Static task
static1
Behavioral task
behavioral1
Sample
0bae1f5243ee21062dd56285454a0862516d7f22d7f9f6bd798c24baf048ee5c.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
0bae1f5243ee21062dd56285454a0862516d7f22d7f9f6bd798c24baf048ee5c.exe
Resource
win10v2004-20221111-en
Malware Config
Targets
Target
0bae1f5243ee21062dd56285454a0862516d7f22d7f9f6bd798c24baf048ee5c
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-