General
Target: 7a59df1dc08e22644f32ed618b450576d9c953dba0d76a5fcc38853ecbc34e7b
Size: 950KB
Sample: 221128-xlbc2sha77
MD5: e5aa0e99526e791426dcc27eb44b48f1
SHA1: 92a1a13d0c4acd9984d5a14ccb3a4a0e0e9490ca
SHA256: 7a59df1dc08e22644f32ed618b450576d9c953dba0d76a5fcc38853ecbc34e7b
SHA512: 524121e9aa578c3763c89df30e62d2da12135e1840316f357482448386406b03dd6faffc186c1c17bc0405d01c0a852a6a9bdf59f8e6e257e2772fa1db7abce2
SSDEEP: 12288:rWubT76a9iUutQwPb3inIT4cpamBcNKflIqgpsj1EiM0si+KeYDdTE5TAKz8M9sx:xTJdWmIcHsj1s08Khujz5KyoftV30
Static task: static1
Behavioral task: behavioral1
Sample: 7a59df1dc08e22644f32ed618b450576d9c953dba0d76a5fcc38853ecbc34e7b.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 7a59df1dc08e22644f32ed618b450576d9c953dba0d76a5fcc38853ecbc34e7b.exe
Resource: win10v2004-20220901-en
Malware Config
Targets
-
-
Target
7a59df1dc08e22644f32ed618b450576d9c953dba0d76a5fcc38853ecbc34e7b
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-