General
Target: 484764279ea3b54b8480cb6c458de66d670a1742b72b30eca65e9881959228e6
Size: 939KB
Sample: 221128-k7j6vsca55
MD5: 2f561c6c72a26b84810af371b51018f3
SHA1: 36ebdc8dbce73e2e751d639dd91ca78739b31ac5
SHA256: 484764279ea3b54b8480cb6c458de66d670a1742b72b30eca65e9881959228e6
SHA512: b6c60c2b8388687ce9d2869f53c8f9cb28d9814bb3048423a63fa6ef712c5da8a7a9567bad5a754d13d38bb87746ce9b8fe935561c2451daeae32eb9ca38d974
SSDEEP: 24576:wkl2FbNWek29p1Q0oXHY4geMVxYEOdHQhioL3JPBRQ:Ll2FhHlGRM34SB7
Static task: static1
Behavioral task: behavioral1
  Sample: 484764279ea3b54b8480cb6c458de66d670a1742b72b30eca65e9881959228e6.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 484764279ea3b54b8480cb6c458de66d670a1742b72b30eca65e9881959228e6.exe
  Resource: win10v2004-20220812-en
Malware Config
Targets
Target: 484764279ea3b54b8480cb6c458de66d670a1742b72b30eca65e9881959228e6
- Modifies WinLogon for persistence
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext