General
- Target: 97f11470b826cf40d30fb777cf658114653691e5eaa237fa68c06c54dddc815c
- Size: 595KB
- Sample: 221126-qtlqesfh66
- MD5: 3c24d55d8ffb5df897c1bd8f9e0df713
- SHA1: 7d16da3ae8a1248fe66ecbceac439acbd87adcf3
- SHA256: 97f11470b826cf40d30fb777cf658114653691e5eaa237fa68c06c54dddc815c
- SHA512: 63d60c98af1f55fe1a20824ea232b85d1c034b520b4795e8e0272b2d75487360f57d23bfe948af418f0ff32dfa94fa9cdc18d1634b8c8bd3209c61a733e508ba
- SSDEEP: 12288:+b+Xl3dHIfW/8HUcVgH1n+k0lpp26lHN:+olN5kHUcVgYkcp4S
Static task: static1
Behavioral task: behavioral1
- Sample: 97f11470b826cf40d30fb777cf658114653691e5eaa237fa68c06c54dddc815c.exe
- Resource: win7-20220901-en
Behavioral task: behavioral2
- Sample: 97f11470b826cf40d30fb777cf658114653691e5eaa237fa68c06c54dddc815c.exe
- Resource: win10v2004-20221111-en
Malware Config
Extracted
- Protocol: smtp
- Host: imabrinde.pt
- Port: 587
- Username: [email protected]
- Password: need4speed@
The extracted config is an SMTP submission account (port 587) hard-coded into the sample: stolen data is mailed out through this mailbox. The host, the mailbox and the credential are all usable as indicators, and outbound connections to imabrinde.pt:587 from anything other than a mail client are the network tell.
Targets
- Target: 97f11470b826cf40d30fb777cf658114653691e5eaa237fa68c06c54dddc815c
Signatures
- Uses the VBS compiler for execution: the sample launches vbc.exe, the signed Visual Basic .NET compiler, which is commonly used as a hollowing host so the payload runs under a trusted image name.
- Accesses Microsoft Outlook accounts: reads stored Outlook account data, consistent with a credential stealer that reports over SMTP.
- Adds Run key to start application: persistence through a CurrentVersion\Run registry value.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP, typically included in the stolen-data report.
- Suspicious use of SetThreadContext: rewriting a thread's context is the usual final step of process hollowing, redirecting a suspended process's entry point to injected code.
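The extracted SMTP config and the behaviours listed under Signatures translate directly into host-telemetry checks. The following is an added example, not part of the sandbox report or any tool's code, that runs those checks over Sysmon-style events (process creation, network connection, registry value set, DNS query). The hash and exfil host/port come from the report above; the vbc.exe image name, the Run-key path fragment and the list of IP-lookup services are assumptions, and the event records are constructed for illustration. SetThreadContext itself is not a Sysmon event, so the compiler image being spawned by the sample is used as the observable proxy for the hollowing.

```python
from typing import Iterable

# Indicators copied from the report above.
SAMPLE_SHA256 = "97f11470b826cf40d30fb777cf658114653691e5eaa237fa68c06c54dddc815c"
SAMPLE_MD5 = "3c24d55d8ffb5df897c1bd8f9e0df713"
EXFIL_HOST = "imabrinde.pt"
EXFIL_PORT = 587

# Assumed, not from the report: the registry path behind "Adds Run key",
# the image behind "Uses the VBS compiler" (vbc.exe ships with the .NET
# Framework), and a few common external-IP lookup services.
RUN_KEY_FRAGMENT = "\\currentversion\\run\\"
COMPILER_IMAGES = {"vbc.exe"}
IP_LOOKUP_HOSTS = {"api.ipify.org", "icanhazip.com", "checkip.dyndns.org", "ip-api.com"}


def _hash_match(hashes_field: str) -> bool:
    """Sysmon's Hashes field looks like 'SHA256=...,MD5=...' in upper-case hex."""
    wanted = {SAMPLE_SHA256, SAMPLE_MD5}
    return any(part.split("=", 1)[-1].lower() in wanted for part in hashes_field.split(","))


def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def triage(events: Iterable[dict]) -> list[str]:
    """Return one finding per event that matches an indicator or behaviour
    from the report. Events are Sysmon-style dicts keyed by field name."""
    findings = []
    for ev in events:
        eid = ev.get("EventID")
        image = _basename(ev.get("Image", ""))
        if eid == 1:  # process creation
            if _hash_match(ev.get("Hashes", "")):
                findings.append(f"known sample executed: {ev.get('Image')} (pid {ev.get('ProcessId')})")
            if image in COMPILER_IMAGES:
                parent = _basename(ev.get("ParentImage", ""))
                findings.append(f"compiler image {image} spawned by {parent} (possible hollowing host)")
        elif eid == 3:  # network connection
            dest = ev.get("DestinationHostname", "").lower()
            port = int(ev.get("DestinationPort", 0))
            if dest == EXFIL_HOST and port == EXFIL_PORT:
                findings.append(f"SMTP exfil to {dest}:{port} from {image}")
        elif eid == 13:  # registry value set
            if RUN_KEY_FRAGMENT in ev.get("TargetObject", "").lower():
                findings.append(f"Run-key persistence: {ev.get('TargetObject')} = {ev.get('Details', '')}")
        elif eid == 22:  # DNS query
            qname = ev.get("QueryName", "").lower()
            if qname in IP_LOOKUP_HOSTS:
                findings.append(f"external IP lookup via {qname} from {image}")
            elif qname == EXFIL_HOST:
                findings.append(f"DNS lookup of exfil host {qname} from {image}")
    return findings


VBC = r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
DROPPER = r"C:\Users\victim\Downloads\invoice.exe"

# Constructed telemetry for illustration; not events from the sandbox run.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": DROPPER, "ProcessId": 4120, "ParentImage": r"C:\Windows\explorer.exe",
     "Hashes": f"SHA256={SAMPLE_SHA256.upper()},MD5={SAMPLE_MD5.upper()}"},
    {"EventID": 1, "Image": VBC, "ProcessId": 4188, "ParentImage": DROPPER, "Hashes": "SHA256=AAAA"},
    {"EventID": 13, "Image": DROPPER,
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\invoice",
     "Details": DROPPER},
    {"EventID": 22, "Image": VBC, "QueryName": "api.ipify.org"},
    {"EventID": 3, "Image": VBC, "DestinationHostname": "imabrinde.pt", "DestinationPort": "587"},
    # Benign mail client on the same port: must not match.
    {"EventID": 3, "Image": r"C:\Program Files\Mozilla Thunderbird\thunderbird.exe",
     "DestinationHostname": "smtp.example.net", "DestinationPort": "587"},
]

if __name__ == "__main__":
    for line in triage(SAMPLE_EVENTS):
        print(line)
```

The exfil check keys on host and port together rather than on port 587 alone, so ordinary mail clients do not fire; in a real deployment the Run-key and compiler-image checks are the noisy ones and want an allow-list of parent images.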