General

  • Target

    1be3b5a391762a6005518f97e387c38b55d49f718900adc9f1b2e5eaad699056

  • Size

    2.8MB

  • Sample

    231213-x3x85sgehq

  • MD5

    a1cc435f315c2fb6806c57c09081f6b1

  • SHA1

    e6d2600c32439bc58f59a8bc89ccf53de132156e

  • SHA256

    1be3b5a391762a6005518f97e387c38b55d49f718900adc9f1b2e5eaad699056

  • SHA512

    5ee60bf407ef3fbf9c42f636f9b527ec2980837a67a7d84ded84406b7d8431b260ff1aeb5f8f2922678aec9ba8379e858f1274e6b82d7465032b1b1644de4837

  • SSDEEP

    49152:U+QVbnV+LY2KCtzmBGGSeHiAaoacIk1o+/ozm4guKLGynAnKWCcn+yE+P:pQGYz0zyGHeVaoZIk1oAoC5JLGyAnKWl

Malware Config

Targets

    • Detected google phishing page

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Adds Run key to start application

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Detected potential entity reuse from brand paypal.

MITRE ATT&CK Enterprise v15

Tasks