General
Target: 98f5cf41047da31472185fe7b201bde52889a12172d8c3a503401cd34964789d
Size: 581KB
Sample: 221126-wnchfsgb9v
MD5: bac91dd59d615541f76fd1505b37a9f5
SHA1: da33b98358b71ac3855ae090059c9cd550307e62
SHA256: 98f5cf41047da31472185fe7b201bde52889a12172d8c3a503401cd34964789d
SHA512: f8d14b58dac131118605f9fb2992cf9a36442dae8354a51f7dd956706f63a1b5998d17621db4e102d7096e5f82869d192bd885cad08715f1b23264d6e0a9f61a
SSDEEP: 12288:q2ZokZYe9t4k0K9w5jvu5DQL7N6VkFYTfAq6Du2La8VYMhHl8d:qZ+YCR05125YIjz6Du+uMh
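Before working from this report, confirm that the file in hand really is the sample it describes. The following is an added example (not sandbox output) that recomputes the four hashlib-supported digests listed above and compares them; SSDEEP is left out because it needs a third-party library. The function names, the directory scan and the constructed input blob are mine, not the report's.

```python
"""Verify that a file on disk is the sample described in this report by
recomputing its digests.  Added example, not part of the report."""
import hashlib
from pathlib import Path

# Digests copied from the report above.  hashlib's algorithm names happen to
# match the report's labels once lowercased.
REPORT_HASHES = {
    "md5": "bac91dd59d615541f76fd1505b37a9f5",
    "sha1": "da33b98358b71ac3855ae090059c9cd550307e62",
    "sha256": "98f5cf41047da31472185fe7b201bde52889a12172d8c3a503401cd34964789d",
    "sha512": ("f8d14b58dac131118605f9fb2992cf9a36442dae8354a51f7dd956706f63a1b5"
               "998d17621db4e102d7096e5f82869d192bd885cad08715f1b23264d6e0a9f61a"),
}


def digest_bytes(data: bytes) -> dict:
    """Compute all four digests of an in-memory blob, as lowercase hex."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in REPORT_HASHES}


def digest_file(path, chunk_size: int = 1 << 20) -> dict:
    """Same as digest_bytes, but streams the file so large samples are not
    loaded into memory in one piece."""
    hashers = {algo: hashlib.new(algo) for algo in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def compare(digests: dict, reference: dict = REPORT_HASHES) -> dict:
    """Per-algorithm match result.  Comparison is case-insensitive because
    different tools print hex digests in different cases."""
    return {algo: digests.get(algo, "").lower() == ref.lower()
            for algo, ref in reference.items()}


def is_reported_sample(digests: dict, reference: dict = REPORT_HASHES) -> bool:
    """True only if every digest matches.  A partial match (MD5 only, say)
    points at a transcription error or a collision, not at the sample."""
    return all(compare(digests, reference).values())


def scan_tree(root, reference: dict = REPORT_HASHES):
    """Yield (path, per-algorithm result) for every file under root whose
    SHA256 matches, so renamed copies of the sample are found as well."""
    for path in Path(root).rglob("*"):
        if path.is_file():
            result = compare(digest_file(path), reference)
            if result["sha256"]:
                yield path, result


# Constructed stand-in for a file under analysis; it is not the sample, so
# the check must report a mismatch.
CONSTRUCTED_BLOB = b"MZ\x90\x00" + b"\x00" * 60

if __name__ == "__main__":
    import sys
    print(is_reported_sample(digest_bytes(CONSTRUCTED_BLOB)))  # False
    for p in sys.argv[1:]:
        d = digest_file(p)
        print(p, "MATCH" if is_reported_sample(d) else "no match", compare(d))
```

Run it with one or more paths as arguments to check files on disk; use `scan_tree` when hunting for the sample across a directory, where the SHA256 alone is used as the selector and the full per-algorithm result is returned for review.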
Static task: static1
Behavioral task: behavioral1
Sample: 98f5cf41047da31472185fe7b201bde52889a12172d8c3a503401cd34964789d.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 98f5cf41047da31472185fe7b201bde52889a12172d8c3a503401cd34964789d.exe
Resource: win10v2004-20221111-en
Malware Config
Targets
Target: 98f5cf41047da31472185fe7b201bde52889a12172d8c3a503401cd34964789d
Size: 581KB
MD5: bac91dd59d615541f76fd1505b37a9f5
SHA1: da33b98358b71ac3855ae090059c9cd550307e62
SHA256: 98f5cf41047da31472185fe7b201bde52889a12172d8c3a503401cd34964789d
SHA512: f8d14b58dac131118605f9fb2992cf9a36442dae8354a51f7dd956706f63a1b5998d17621db4e102d7096e5f82869d192bd885cad08715f1b23264d6e0a9f61a
SSDEEP: 12288:q2ZokZYe9t4k0K9w5jvu5DQL7N6VkFYTfAq6Du2La8VYMhHl8d:qZ+YCR05125YIjz6Du+uMh
- Modifies WinLogon for persistence
- Drops file in Drivers directory
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
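The first signature, "Modifies WinLogon for persistence", is the one a responder can verify directly on a suspect host. The report does not say which Winlogon value was written, so the added example below (not sandbox output) assumes the two values most commonly abused, Userinit and Shell, and flags any program appended to either beyond the Windows defaults. The function names and the constructed registry snapshot are mine; the appended path in the snapshot is hypothetical.

```python
"""Offline check for Winlogon persistence: compare the Userinit and Shell
values with the Windows defaults and report any extra program.  Added
example, not sandbox output; it assumes the modification hit these values."""

WINLOGON_SUBKEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"

# Values Windows sets out of the box.  Userinit is a comma-separated list
# that normally holds only userinit.exe (with a trailing comma); malware
# appends its own path so that it starts with every interactive logon.
DEFAULTS = {
    "Userinit": r"C:\Windows\system32\userinit.exe,",
    "Shell": "explorer.exe",
}


def _split_list(value: str) -> list[str]:
    """Split a comma-separated Winlogon value into its non-empty entries."""
    return [e.strip() for e in value.split(",") if e.strip()]


def check_winlogon(values: dict) -> list[dict]:
    """Return one finding per Winlogon value that deviates from the default.

    `values` maps value name -> string, as read from the registry.  A value
    that is missing entirely is reported too, since both defaults exist on
    every stock install.  Comparison ignores case, as the registry does.
    """
    findings = []
    for name, default in DEFAULTS.items():
        actual = values.get(name)
        if actual is None:
            findings.append({"value": name, "expected": default,
                             "actual": None, "extra": []})
            continue
        expected_entries = {e.lower() for e in _split_list(default)}
        actual_entries = _split_list(actual)
        extra = [e for e in actual_entries if e.lower() not in expected_entries]
        missing = expected_entries - {e.lower() for e in actual_entries}
        if extra or missing:
            findings.append({"value": name, "expected": default,
                             "actual": actual, "extra": extra})
    return findings


def read_live_winlogon() -> dict:
    """Read the two values from HKLM on a Windows host.  winreg is imported
    lazily so the rest of the module also runs on non-Windows systems."""
    import winreg
    out = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, WINLOGON_SUBKEY) as key:
        for name in DEFAULTS:
            try:
                out[name], _ = winreg.QueryValueEx(key, name)
            except FileNotFoundError:
                pass
    return out


# Constructed snapshot standing in for a registry read from an infected
# host; the appended path is hypothetical.
CONSTRUCTED_SNAPSHOT = {
    "Userinit": r"C:\Windows\system32\userinit.exe,C:\Users\Public\svchost.exe",
    "Shell": "explorer.exe",
}

if __name__ == "__main__":
    for f in check_winlogon(CONSTRUCTED_SNAPSHOT):
        print(f"{f['value']}: expected {f['expected']!r}, got {f['actual']!r}; "
              f"extra entries: {f['extra']}")
```

On a Windows host, pass `read_live_winlogon()` to `check_winlogon` instead of the constructed snapshot; the same check applies to the per-user copy of the key under HKCU, which the function does not read.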