5fd88707644b5c51752f574b44b60add5b279713e5fd1b47fe95f5cf97fa634e | Triage

Sharing

General

Target

invoice and packing list.exe
Size

863KB
Sample

230125-mg5qzsfg24
MD5

629650941c646616da246f363ac31b64
SHA1

61c75662747d73543a4fd4ef522fa4e1d68a2123
SHA256

5fd88707644b5c51752f574b44b60add5b279713e5fd1b47fe95f5cf97fa634e
SHA512

f762d0d13fdaf114e6e646686e7c425c015d1cec2dc3fa2207ed51cd1c1fc8c6e16dbfd85e52ea832c16ed5aa7cdc2e23a1cf1768e7743cd116290c6d5047c67
SSDEEP

24576:rVO8kyGyOMQzlG27ScBABcU9Ny6AAgZy:w8kypOMj27EcUry6Au

Score

7^/10

collection persistence

Malware Config

Targets

- Target
  
  invoice and packing list.exe
- Size
  
  863KB
- MD5
  
  629650941c646616da246f363ac31b64
- SHA1
  
  61c75662747d73543a4fd4ef522fa4e1d68a2123
- SHA256
  
  5fd88707644b5c51752f574b44b60add5b279713e5fd1b47fe95f5cf97fa634e
- SHA512
  
  f762d0d13fdaf114e6e646686e7c425c015d1cec2dc3fa2207ed51cd1c1fc8c6e16dbfd85e52ea832c16ed5aa7cdc2e23a1cf1768e7743cd116290c6d5047c67
- SSDEEP
  
  24576:rVO8kyGyOMQzlG27ScBABcU9Ny6AAgZy:w8kypOMj27EcUry6Au
Score

7^/10

collection persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

collectionpersistence

behavioral2

collectionpersistence