General
-
Target
SecuriteInfo.com.Win64.PWSX-gen.29890.2280.exe
-
Size
1.1MB
-
Sample
230328-jdjskabd7s
-
MD5
f91e53e0379eac34c222de4a46588cf1
-
SHA1
523d61b31dd1104a20bbd04e3f4c30729191af64
-
SHA256
35a7141973dd708723ae711b94f845d36740f2613d4f94dde3aa9c75519f0975
-
SHA512
52789dfa07b6d8f1a0e843eae9f1f50c49d31059f22b3c01457315f7cd3738db4cbaef089419c0fd47900d979e611c1916141fdc1bb7cdc2e7faedd7eb4c6c92
-
SSDEEP
24576:MOp5uo31uJ1xQ/YNuZb4c9JsJchzWN82fRwFceVXmgNbo6qYfQD:Dg0gHQuuGSLhjwhMo6qYfi
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Win64.PWSX-gen.29890.2280.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Win64.PWSX-gen.29890.2280.exe
Resource
win10v2004-20230220-en
Malware Config
Targets
-
-
Target
SecuriteInfo.com.Win64.PWSX-gen.29890.2280.exe
-
Score
8/10
-
Sets service image path in registry
-
Accesses Microsoft Outlook profiles
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-