General

  • Target

    ORDER--GO289533005XXXX024.exe

  • Size

    1.2MB

  • Sample

    240723-lv3m4szgrm

  • MD5

    1441d5f7792d1b6ec6b1afbd4b279f3a

  • SHA1

    e3ff00dd811c11e66ce00be772b7e44d8c1bfcac

  • SHA256

    d75d64f7bef53f67f4be5153a21ecc0cdf808ddbf11421f81e137adefad22257

  • SHA512

    509065c1292bbf41b06a0c20923c83765814d3d044a8ec6715bbfe855e35ac30a5be884cc7c090067122722852e7db2d9665f3ee09a7afe111312dff3586402e

  • SSDEEP

    24576:BAHnh+eWsN3skA4RV1Hom2KXMmHaFHumBqo+ichfvo5:Yh+ZkldoPK8YaFH/IlZhf2

Score
7/10

Malware Config

Targets

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks