General

  • Target

    invoice and packing list.exe

  • Size

    863KB

  • Sample

    230125-mg5qzsfg24

  • MD5

    629650941c646616da246f363ac31b64

  • SHA1

    61c75662747d73543a4fd4ef522fa4e1d68a2123

  • SHA256

    5fd88707644b5c51752f574b44b60add5b279713e5fd1b47fe95f5cf97fa634e

  • SHA512

    f762d0d13fdaf114e6e646686e7c425c015d1cec2dc3fa2207ed51cd1c1fc8c6e16dbfd85e52ea832c16ed5aa7cdc2e23a1cf1768e7743cd116290c6d5047c67

  • SSDEEP

    24576:rVO8kyGyOMQzlG27ScBABcU9Ny6AAgZy:w8kypOMj27EcUry6Au

Malware Config

Targets

    • Target

      invoice and packing list.exe

    • Size

      863KB

    • MD5

      629650941c646616da246f363ac31b64

    • SHA1

      61c75662747d73543a4fd4ef522fa4e1d68a2123

    • SHA256

      5fd88707644b5c51752f574b44b60add5b279713e5fd1b47fe95f5cf97fa634e

    • SHA512

      f762d0d13fdaf114e6e646686e7c425c015d1cec2dc3fa2207ed51cd1c1fc8c6e16dbfd85e52ea832c16ed5aa7cdc2e23a1cf1768e7743cd116290c6d5047c67

    • SSDEEP

      24576:rVO8kyGyOMQzlG27ScBABcU9Ny6AAgZy:w8kypOMj27EcUry6Au

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Collection

Command and Control

    Credential Access

      Defense Evasion

      Execution

        Exfiltration

          Impact

            Initial Access

              Lateral Movement

                Privilege Escalation

                  Tasks