message__6554654a148aa91baa81eba864949685_grupofitec_com_[.]eml | Triage

Resubmissions

28-03-2024 06:31

240328-hacz6scd94 10

28-03-2024 06:30

240328-g9qvmscd85 3

28-03-2024 06:29

240328-g9d6vacd79 3

Sharing

General

Target

message__6554654a148aa91baa81eba864949685_grupofitec_com_.eml
Size

877KB
MD5

1ff4d48987364107f32975494881e718
SHA1

f9d335b6cf99b5e6ff82878bf2062977dcbc3489
SHA256

88d329bc79df8872e028b644de8a28cbc2608f632f841dbb21ffa4fa99d8ca85
SHA512

90c6cc027e415dcf7059a61fcb0e50274d0ed6f4384d3287542087d2fab51aa6d0644c987d568a4f9b3be39ee675c082f6edb4e58954d7b483690b352e7716e7
SSDEEP

24576:FNV0p5+YBUhQusEQvnoea/vD2naQFnuiL:JcVeD2aQVx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

unpack002/Facturas Marzo.exe

Files

message__6554654a148aa91baa81eba864949685_grupofitec_com_.eml
.eml
Facturas Marzo.gz
.gz
Facturas Marzo.exe
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Windows\Containers\Confidential\DotnetGenerator\Stub\Projects\Fallkyriya\obj\Release\Fallkyriya.pdb

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 133KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Outlook-5widawpz.png
.png
email-html-2.txt
email-plain-1.txt