General
-
Target
03b9d7296b01e8f3fb3d12c4d80fe8a1bb0ab2fd76f33c5ce11b40729b75fb23
-
Size
367KB
-
Sample
230121-rjwnbaeg5v
-
MD5
1693d0a858b8ff3b83852c185880e459
-
SHA1
5f1536f573d9bfef21a4e15273b5a9852d3d81f1
-
SHA256
03b9d7296b01e8f3fb3d12c4d80fe8a1bb0ab2fd76f33c5ce11b40729b75fb23
-
SHA512
6d8dd1992e225cf825530ff4a0197fc3ad9bef0235f003c638385077b248191fcf0bafbcd5b9019041fab3b9162b7b642c54acf151d1d7897482f34cf8a91d2a
-
SSDEEP
3072:19UCNIWkLy1K6stSGwm4WV9coNPYPrGN2KZ5EIFo2gM8aycLFxpBnM4y2AM8y+Kq:rEM1zshBjVPYPr9K3z+2DdLF/O
Static task
static1
Behavioral task
behavioral1
Sample
03b9d7296b01e8f3fb3d12c4d80fe8a1bb0ab2fd76f33c5ce11b40729b75fb23.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
03b9d7296b01e8f3fb3d12c4d80fe8a1bb0ab2fd76f33c5ce11b40729b75fb23.exe
Resource
win10v2004-20221111-en
Malware Config
Targets
-
-
Target
03b9d7296b01e8f3fb3d12c4d80fe8a1bb0ab2fd76f33c5ce11b40729b75fb23
-
Size
367KB
-
MD5
1693d0a858b8ff3b83852c185880e459
-
SHA1
5f1536f573d9bfef21a4e15273b5a9852d3d81f1
-
SHA256
03b9d7296b01e8f3fb3d12c4d80fe8a1bb0ab2fd76f33c5ce11b40729b75fb23
-
SHA512
6d8dd1992e225cf825530ff4a0197fc3ad9bef0235f003c638385077b248191fcf0bafbcd5b9019041fab3b9162b7b642c54acf151d1d7897482f34cf8a91d2a
-
SSDEEP
3072:19UCNIWkLy1K6stSGwm4WV9coNPYPrGN2KZ5EIFo2gM8aycLFxpBnM4y2AM8y+Kq:rEM1zshBjVPYPr9K3z+2DdLF/O
Score10/10-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Blocklisted process makes network request
-
Sets service image path in registry
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-