General
- Target: c51c27c86facb3ce46801e6a9f900292b5ba336760708438483e5246b7440029
- Size: 977KB
- Sample: 221219-vpn27saf2y
- MD5: 350de33f3f3575ab955338dc5418f52e
- SHA1: e0d18c392922dc79ad30a73ab0f5cfb1445e2f81
- SHA256: 2e2d1b4e01e684060c4d78838abd43364c6ca15086be2d1e3a5ba9adb0185675
- SHA512: aa325fa8f74300447e9c8da6075b8334e6fc8c9d8c222f6cd6e9a1a43644f97d683a9615fdf8ae3d188bc377b66e947e5e9248d2252a110535f3de8e8092a6aa
- SSDEEP: 24576:JK7RrXp6A53YuVoBIsc/5/dA0b3Y8UITDE0jlqnjjC:JiX753xoBvc/XA0bIMTpAjjC
Static task: static1
Behavioral task: behavioral1
- Sample: c51c27c86facb3ce46801e6a9f900292b5ba336760708438483e5246b7440029.exe
- Resource: win7-20221111-en
Behavioral task: behavioral2
- Sample: c51c27c86facb3ce46801e6a9f900292b5ba336760708438483e5246b7440029.exe
- Resource: win10v2004-20220812-en
Malware Config
Targets
- Target: c51c27c86facb3ce46801e6a9f900292b5ba336760708438483e5246b7440029
- Size: 1.1MB
- MD5: 8a4cb873c04ffe6859dd5bb381fed9b2
- SHA1: c71cb06097a8172057c7dd0ca61c27e164c1939a
- SHA256: c51c27c86facb3ce46801e6a9f900292b5ba336760708438483e5246b7440029
- SHA512: 352510a901636c9880afea8bdb1b9a8da63bed989b959ef1a560ec6baf59ea09ada9b04f853a838938510507b0d4d3aab484b46876a9801d7f9b138af7bd0fbd
- SSDEEP: 24576:cV/Gyl0a5nGoVsJIsk/DVdmsbzK8+2HDE0j1D3W9:u1F5nnsJvk/Tmsb2sHB7W9
- Blocklisted process makes network request
- Sets DLL path for service in the registry
- Sets service image path in registry
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext