General
Target: b45290f1bd188bfd383ce3c97bd8d5c700a810f18c04d24e89c1a0e3367569dd
Size: 943KB
Sample: 221127-lwqpyage48
MD5: 9a17788b23bac8103c5d06d53ffaec54
SHA1: c6721d9779c705814f8e3763b05ad6782f01e486
SHA256: b45290f1bd188bfd383ce3c97bd8d5c700a810f18c04d24e89c1a0e3367569dd
SHA512: 4ea9453014bd1a6c5eef55c3e51939ae04d728c30d84446f3134fab5c46cf711ed3e8dac6bb12d3725d945f3d099f05463a16bd3232085005f57ededd1f74c17
SSDEEP: 24576:QM3ny/PatRuAk1DpHisfX4G1Ugij0qS+:QMnk1DpCsfXj1UP0Y

Static task: static1
Behavioral task: behavioral1
Sample: b45290f1bd188bfd383ce3c97bd8d5c700a810f18c04d24e89c1a0e3367569dd.exe
Resource: win7-20220812-en
Malware Config
Targets
Uses the VBS compiler for execution

Accesses Microsoft Outlook accounts

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext