General
-
Target
hxtraloveaddedonurheartwithlotofloveandkissonurneckireallyloveyou______________sweetkissonurheartwithlotofloveiloveyousoomuch.doc
-
Size
71KB
-
Sample
240305-mle15acf8s
-
MD5
26c100089e2cf5463babd1de454a67d1
-
SHA1
6a9d052164255970ae1429fe60617f8eafd22a54
-
SHA256
2e8debc110f5f5cd0a112ac5d77863b4148cd7c7c1fd888e17dade82b50a7458
-
SHA512
e97c29ed4d726df4687cabfe398874d253dc34f0d5fa6be1fa34139bf7b4414832b8820dd1cc7ce26f5c85562c4fbbea360349499e8c020bd53a3cbf26474e4f
-
SSDEEP
1536:SUTYpANIIHHpYger0agzaJ7gZRVH8fwv2:vcp0YgeL7gZRVH8fwv2
Static task
static1
Behavioral task
behavioral1
Sample
hxtraloveaddedonurheartwithlotofloveandkissonurneckireallyloveyou______________sweetkissonurheartwit.rtf
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
hxtraloveaddedonurheartwithlotofloveandkissonurneckireallyloveyou______________sweetkissonurheartwit.rtf
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
hxtraloveaddedonurheartwithlotofloveandkissonurneckireallyloveyou______________sweetkissonurheartwithlotofloveiloveyousoomuch.doc
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-