General

  • Target

    fefba9da90b42810950d4b47cbe782bd5ee508b56eb7ebc5f61730a2bfcac816

  • Size

    3.6MB

  • Sample

    221127-rct6xacf29

  • MD5

    13978ff0d1e01871d1d817c512a208b6

  • SHA1

    1e01f50d30ea18200d9d3490371240cb729c39e4

  • SHA256

    fefba9da90b42810950d4b47cbe782bd5ee508b56eb7ebc5f61730a2bfcac816

  • SHA512

    cac2d6691f1dbfca95bd03bd3077fa93b24060df9767d1b9fec0309e56a92684978e9f59013e176f69f1b05d9c31814aa5a3ffbe591213ccaaf75ed6bb971aeb

  • SSDEEP

    49152:dVg5tQ7ag15wZd5/zbOhnM4L6rm8+JeZ74AF4i28NUhrTQecOAP4A3tKL:jg56m/z6nM4eaV8OrCOAPhKL

Malware Config

Targets

    • Target

      fefba9da90b42810950d4b47cbe782bd5ee508b56eb7ebc5f61730a2bfcac816

    • Size

      3.6MB

    • MD5

      13978ff0d1e01871d1d817c512a208b6

    • SHA1

      1e01f50d30ea18200d9d3490371240cb729c39e4

    • SHA256

      fefba9da90b42810950d4b47cbe782bd5ee508b56eb7ebc5f61730a2bfcac816

    • SHA512

      cac2d6691f1dbfca95bd03bd3077fa93b24060df9767d1b9fec0309e56a92684978e9f59013e176f69f1b05d9c31814aa5a3ffbe591213ccaaf75ed6bb971aeb

    • SSDEEP

      49152:dVg5tQ7ag15wZd5/zbOhnM4L6rm8+JeZ74AF4i28NUhrTQecOAP4A3tKL:jg56m/z6nM4eaV8OrCOAPhKL

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Registry Run Keys / Startup Folder

1
T1060

Defense Evasion

Modify Registry

2
T1112

Collection

Email Collection

1
T1114

Tasks