General

  • Target

    8040047d975cc109311656f7a6f228a3fe3a29b95a30dd6d35b8cda1bdf25bf5

  • Size

    2.8MB

  • Sample

    231213-yqbp2sghbk

  • MD5

    ca48c9b6f233639ea8bd3a5270a0d3d6

  • SHA1

    71a7a26e15835f1c982977c9e7f1fd9281849b2f

  • SHA256

    8040047d975cc109311656f7a6f228a3fe3a29b95a30dd6d35b8cda1bdf25bf5

  • SHA512

    3e14c4dbd23ac78c813a7d023fcb0406885176559f9e44c0c7810597b3a4d06601eb6b59a9d018ae64aa8a4224b3205df1927ec50cff14a05339273dc693ac0a

  • SSDEEP

    49152:GqmtmhtnnVwTGUoCaNABF7S45MuBB0Iu1fTfbJ4gC3Ae9WwW4zWSry5HByfBF:oo2GHlNAFe4uuBGIu1fTfl56t9WwlzWW

Malware Config

Targets

    • Detected google phishing page

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Adds Run key to start application

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Detected potential entity reuse from brand paypal.

MITRE ATT&CK Enterprise v15

Tasks