General

  • Target: Purchase Order.zip
  • Size: 545KB
  • Sample: 230125-l83v2ahd2v
  • MD5: cc5b16d73491511b74c196b841d9b7fb
  • SHA1: a6731183befd09e6c6970d950b756ea1c3be16a6
  • SHA256: 818e0bab11bfd5cd7c55356efce17fe8c2024a193d968cfb18f70d15a0d12951
  • SHA512: a515fffd72b3e5dfdf264d70e2f012256946b56337224c1ef64ea99d72d11d33bc7334e466aab3da0abeca72aa44e912b568a1d1031e318d569c60c9cdfbe611
  • SSDEEP: 12288:bpyUo7l/0EfmW6Nem8pjq0/6P2XwXu4y/KF/+Ht/KmPW9uj8:Y0yaNemGqK6PWAubw89LbY

Score: 7/10

Malware Config

Targets

    • Target: Purchase Order.exe
    • Size: 615KB
    • MD5: ec15ab6bec865de98d39f4ab8e73fe1b
    • SHA1: 95e0fb211f31673dd6f9f4e74360b184250d3fde
    • SHA256: f56c8e197bbe551942b7e01808646b1ccbb01e8d43fc2ba3e5a6017e40e8e1d4
    • SHA512: 04efb4548509befdcf4a0dd5e61a9e46d9313aeae82f9779d7e2edae8f2f42f058945cf89871f382f1e1b96f065a07e3189a7edd039eb53a7640fe7afd8ccc82
    • SSDEEP: 12288:OmCglZ6MneQ8/aR/O11EqQNIAW8FzQS/dlf2XwE7jo9av/Ksq/Ks6/Ks:tRKAKihcYNrWKQkddW/3OOiS

    Score: 7/10

    Signatures
    • Uses the VBS compiler for execution
    • Accesses Microsoft Outlook profiles
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution: Scripting (T1064), 1 signature
  • Defense Evasion: Scripting (T1064), 1 signature
  • Collection: Email Collection (T1114), 1 signature

Tasks