73ee737e5bb4e53ce37177cf1ee0155ba04475523ddc7f8bd35754d5e3d162aa | Triage

Sharing

Copy URL Twitter E-mail

General

Target

04254099.exe
Size

510KB
Sample

230604-ke9k2scb7w
MD5

e5e21de748302d8284cf59bd050d4945
SHA1

56ca6ab52b877a1752f23cbb47b342e7b6882653
SHA256

73ee737e5bb4e53ce37177cf1ee0155ba04475523ddc7f8bd35754d5e3d162aa
SHA512

aaae0f5c521837814578ec1509e7bf9f597bcd6b693de9a3731f22ab5e5e16f35d6a458c4c2ee79dcd5708ae00e192a1f22e3cbe6d70d9c0544eb729a1374269
SSDEEP

6144:2PNP5bKdBTYQVWtRvckecX5vZMBNKRqOSnyDOk8liUnHrfkYF2RguzxQQ3nKala:QNQdB3VCbecX706ok8vfnGhxn3nKQ

Score

10^/10

collection

Malware Config

Targets

- Target
  
  04254099.exe
- Size
  
  510KB
- MD5
  
  e5e21de748302d8284cf59bd050d4945
- SHA1
  
  56ca6ab52b877a1752f23cbb47b342e7b6882653
- SHA256
  
  73ee737e5bb4e53ce37177cf1ee0155ba04475523ddc7f8bd35754d5e3d162aa
- SHA512
  
  aaae0f5c521837814578ec1509e7bf9f597bcd6b693de9a3731f22ab5e5e16f35d6a458c4c2ee79dcd5708ae00e192a1f22e3cbe6d70d9c0544eb729a1374269
- SSDEEP
  
  6144:2PNP5bKdBTYQVWtRvckecX5vZMBNKRqOSnyDOk8liUnHrfkYF2RguzxQQ3nKala:QNQdB3VCbecX706ok8vfnGhxn3nKQ
Score

10^/10

collection
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Deletes itself
- Accesses Microsoft Outlook profiles
  collection
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2