General
- Target: c25ca73a162ddf7280258fd4300beb8fc149124d5a910c0a4c5ed5d92b7fccb6
- Size: 1.5MB
- Sample: 221128-gf9ewsed6t
- MD5: 545577dd1dc0cfaaa54d03aac99b7155
- SHA1: 55cb12e2b4740a5ec2d60307e33782ed93a6ebc4
- SHA256: c25ca73a162ddf7280258fd4300beb8fc149124d5a910c0a4c5ed5d92b7fccb6
- SHA512: 58cd3f2128c3b10b8f717beaae1d8307e77fdefdfedeb7d30884681770412a8770538e215648d932c52652f18340ee24b0422659d2017143a001a86ec3ced7d1
- SSDEEP: 49152:E9Oll20veSDctRwvdIcP4WQWD2BwV7OcKo:5ljvveaIy4K2eVKo
Static task
- static1

Behavioral task
- behavioral1
  Sample: c25ca73a162ddf7280258fd4300beb8fc149124d5a910c0a4c5ed5d92b7fccb6.exe
  Resource: win7-20221111-en

Behavioral task
- behavioral2
  Sample: c25ca73a162ddf7280258fd4300beb8fc149124d5a910c0a4c5ed5d92b7fccb6.exe
  Resource: win10v2004-20220812-en
Malware Config

Targets
- Target: c25ca73a162ddf7280258fd4300beb8fc149124d5a910c0a4c5ed5d92b7fccb6
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext