General
- Target: 9373eeeb7d7a9c065afb641da6689c9d1982e949f6b6e5d7d228fbee397b83f0.zip
- Size: 3.0MB
- Sample: 240501-p9yjgshe55
- MD5: e75db1bb62b649d248d7696133d7bed3
- SHA1: fb6de8339ea911354215470a98387ea3c4e47261
- SHA256: db1aaf575d982c2d2326ef8731d7960b7f0cbf3a70c19d71d4a18aa96b159be8
- SHA512: 611828631425e062e2802ee7dbb36b3f7a9eeb1798d8d169dc716b0072adf99f48c966454d2be95839e35194cd141f73e61c65e12416bc82967933e8c17033f3
- SSDEEP: 49152:TPS5451yufLFFFM+ZIBbMIQ5Tb4Zu7Go08gN1oB0sX+z4kPQGoJT0mc:W41yuDFFFM+wb3w4zo6vEuzFEJT3c
Static task: static1
Behavioral task: behavioral1
- Sample: 9373eeeb7d7a9c065afb641da6689c9d1982e949f6b6e5d7d228fbee397b83f0.exe
- Resource: win7-20231129-en
Behavioral task: behavioral2
- Sample: 9373eeeb7d7a9c065afb641da6689c9d1982e949f6b6e5d7d228fbee397b83f0.exe
- Resource: win10v2004-20240426-en
Malware Config
Targets
- Target: 9373eeeb7d7a9c065afb641da6689c9d1982e949f6b6e5d7d228fbee397b83f0.exe
- Size: 3.1MB
- MD5: 2bfbd889530f526aa6833886723e7fae
- SHA1: 736e9f9229d6824ceb0e698debfa91244be827c1
- SHA256: 9373eeeb7d7a9c065afb641da6689c9d1982e949f6b6e5d7d228fbee397b83f0
- SHA512: 9b65d29a5d728e6caa14c0a53579b7ad9cd0c55e91390244b14fd933d027a2d7344b0856f3de2734326737533a0555c28e028131975f0da0a4dcbe19399fc5ee
- SSDEEP: 98304:aaPb0LlPVs6Ccyq2DbrorXfGEdOq9FYz:aMwZNsTc52D/orXhdDFW
- Drops file in Drivers directory
- Sets service image path in registry
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (2)
- Scheduled Task/Job (1)
Privilege Escalation
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (2)
- Scheduled Task/Job (1)
Defense Evasion
- Modify Registry (4)
- Subvert Trust Controls (1)
  - Install Root Certificate (1)