General
-
Target
ZZ.exe
-
Size
303KB
-
Sample
230125-ny1c9sfh52
-
MD5
861d01503fd3f2258907539fe4f4984d
-
SHA1
f2f4a48bc9d48815b090525c4d49e3937a9f4a94
-
SHA256
3671f50c59e91067f6161243ec3e701d87ebfe461dd0c3b8c520f50d8619598a
-
SHA512
679f1f3ea7a47ab993b83b532b7670112cddd304c9713f7157be7110d4f5f54130c7576a768cb61b823a06f4459c8f081e18a79291aecc1a998894946ddab257
-
SSDEEP
6144:TYa6E9nxscxsV0m/GV95UqnZtTmQeJXfe32vEnZclbXnXTGnInit8y:TYi9nmQsFa5UTZqAEnGlbXKnV7
Static task
static1
Behavioral task
behavioral1
Sample
ZZ.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
ZZ.exe
Resource
win10v2004-20221111-en
Malware Config
Targets
-
-
Target
ZZ.exe
-
Size
303KB
-
MD5
861d01503fd3f2258907539fe4f4984d
-
SHA1
f2f4a48bc9d48815b090525c4d49e3937a9f4a94
-
SHA256
3671f50c59e91067f6161243ec3e701d87ebfe461dd0c3b8c520f50d8619598a
-
SHA512
679f1f3ea7a47ab993b83b532b7670112cddd304c9713f7157be7110d4f5f54130c7576a768cb61b823a06f4459c8f081e18a79291aecc1a998894946ddab257
-
SSDEEP
6144:TYa6E9nxscxsV0m/GV95UqnZtTmQeJXfe32vEnZclbXnXTGnInit8y:TYi9nmQsFa5UTZqAEnGlbXKnV7
Score8/10-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-