a6e89ab2a24715ba778e9734ebc434f80feb6188d01eeb1ff4d3004863fbd6b9 | Triage

Sharing

General

Target

STATEMENT OF ACCOUNTS.LZH.rar
Size

14KB
Sample

230202-phrlvsab6z
MD5

036894f48b296e2bcda4316b7ae774f7
SHA1

a8723b52256ec54e03e9897dab5346eb0f2297bb
SHA256

a6e89ab2a24715ba778e9734ebc434f80feb6188d01eeb1ff4d3004863fbd6b9
SHA512

7c88688159a00f2e486c3eb06b711205de1a954a8dce84e8314c741dbb97f050cd267026a1137ce393df9165a4794084070d2fca3984a25bd8fbde22e22a05b1
SSDEEP

384:J9m4N8rTpPAtiPhB9ujAvppAl9xULnFDS69O4jGOW:D6rTppPhB9rsSQ60

Score

7^/10

collection

Malware Config

Targets

- Target
  
  STATEMENT OF ACCOUNTS.exe
- Size
  
  96KB
- MD5
  
  7b83d435365d83345fa3a9117fe4b784
- SHA1
  
  a437e84a6289b927e4d90294feba652853472bd7
- SHA256
  
  8d4e8edf683d42f1f5287ae5d25f57d93285fd6b32f2198a1a2545cd17b05a1e
- SHA512
  
  9f61b079894679eef8e7204503faa2053aa789e744dab0ab0979fb0af755eb996e95b2e1dc95eb067d263c867a64ed5928763b4ab492c6695c2009d86f4c2bb3
- SSDEEP
  
  768:YgUNNaXHErJkoOrGYPN3a+VflOD5NbcVfup+btYAJHa4H:YnNaXHEaZr33a+V9ycVfupotYyTH
Score

7^/10

collection
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2