General

  • Target

    6610a5896fe0895ed5ca90f938906372.bin

  • Size

    764KB

  • Sample

    240727-ce8dzszejj

  • MD5

    6b97cee0922b799d0948604dd02ed42a

  • SHA1

    79283f15b1cdddb06e5a1ac73bbf3ff964812142

  • SHA256

    61be0b9e7904f668394ac3ac76f308b1afa8c7f485ce10365dfe826569c7bd7a

  • SHA512

    9d7f17b322042f7b6fa852ff66b79eb0fba2a6fdc77825d3606b1c940a90279c80c6ad447ea6a2faeb2959eca3b385511a9ae7cc0f33a413dcc0a36535a60380

  • SSDEEP

    12288:nRuY+ez6/xPSGc+SkNOsqFfG1dX7w+K3EImdET+6yoew+MQuLJLdiggOnU/AM:R3r6/dSGc+SklqFG7K3E3Oa6flN963

Malware Config

Extracted

Credentials (SMTP account embedded in the sample's own configuration; in reports of this kind these are the attacker's delivery credentials, typically used to send collected data out over SMTP, not data taken from the victim)

  • Protocol:
    smtp
  • Host:
    mail.lenteraandalan.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    merah2005

Targets

    • Target

      31c28bce87bf83996ccbd1e7bea5de7a75b5f840df1e108f6792d5b17185da66.exe

    • Size

      1.2MB

    • MD5

      6610a5896fe0895ed5ca90f938906372

    • SHA1

      b31f809206ea7352a8e2707bece1b087ded10ab1

    • SHA256

      31c28bce87bf83996ccbd1e7bea5de7a75b5f840df1e108f6792d5b17185da66

    • SHA512

      4528dd35d5d2e37c0e3597ac02e07f420e3671d6336bef00870d101ab50348556a4eb796bc1b462a8c5f22393917c0c958ce37323e2ec8ff75398696f5e2830b

    • SSDEEP

      24576:KqDEvCTbMWu7rQYlBQcBiT6rprG8aPUJOy2AwxelFby:KTvC/MTQYxsWR7aPby2Txeb

    • Disables Task Manager via registry modification

      Commonly done by setting the DisableTaskMgr policy value so the user cannot open Task Manager to inspect or kill the process; the report does not state which key the sample writes.

    • Accesses Microsoft Outlook profiles

      Outlook profile data (mail account settings and stored account credentials) is a common harvesting target for information stealers.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      SetThreadContext is commonly used to redirect execution in another process (for example in process hollowing), which is why its use is flagged as suspicious.
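
The following PowerShell is an added example for checking a host against the "Disables Task Manager via registry modification" behaviour listed above; it is not part of the original report or of the sandbox's tooling. It assumes the sample uses the standard Windows policy value DisableTaskMgr (REG_DWORD = 1) under the Policies\System key; since the report does not name the key, both the per-user (HKCU) and machine-wide (HKLM) paths are checked. The Sysmon hunt assumes Sysmon is installed with registry value-set logging (Event ID 13) covering that path.

```powershell
# Added example, not from the original report. Assumes the sample sets the
# standard DisableTaskMgr policy value; the report does not name the key,
# so both the per-user and machine-wide policy paths are checked.

$PolicyPaths = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
)

function Get-TaskManagerPolicy {
    # Returns one object per policy path: whether DisableTaskMgr exists and
    # whether it is set to 1 (Task Manager blocked).
    foreach ($path in $PolicyPaths) {
        $value = $null
        if (Test-Path $path) {
            $value = (Get-ItemProperty -Path $path -Name 'DisableTaskMgr' `
                -ErrorAction SilentlyContinue).DisableTaskMgr
        }
        [pscustomobject]@{
            Path     = $path
            Present  = ($null -ne $value)
            Disabled = ($value -eq 1)
        }
    }
}

function Repair-TaskManagerPolicy {
    # Removes the value instead of setting it to 0, so the policy returns to
    # its default "not configured" state. HKLM requires administrator rights.
    foreach ($entry in Get-TaskManagerPolicy | Where-Object Present) {
        Remove-ItemProperty -Path $entry.Path -Name 'DisableTaskMgr' -ErrorAction Stop
        Write-Host "Removed DisableTaskMgr from $($entry.Path)"
    }
}

function Get-RecentTaskManagerPolicyWrites {
    # Hunts Sysmon "RegistryEvent (Value Set)" events (Event ID 13) that wrote
    # DisableTaskMgr, to identify the process that set the policy.
    param([int]$Hours = 24)
    $filter = @{
        LogName   = 'Microsoft-Windows-Sysmon/Operational'
        Id        = 13
        StartTime = (Get-Date).AddHours(-$Hours)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match 'DisableTaskMgr' } |
        ForEach-Object {
            # Sysmon stores each field as <Data Name="...">value</Data>.
            $xml = [xml]$_.ToXml()
            $data = @{}
            foreach ($node in $xml.Event.EventData.Data) { $data[$node.Name] = $node.'#text' }
            [pscustomobject]@{
                Time         = $_.TimeCreated
                Image        = $data['Image']
                ProcessId    = $data['ProcessId']
                TargetObject = $data['TargetObject']
                Details      = $data['Details']
            }
        }
}

# Usage during triage:
Get-TaskManagerPolicy | Format-Table -AutoSize
Get-RecentTaskManagerPolicyWrites | Format-Table -AutoSize
# Repair-TaskManagerPolicy   # uncomment to revert once the process has been contained
```

The hunt function is deliberately separate from the repair: find the writing process (Image and ProcessId from the Sysmon event) and contain it first, otherwise a still-running sample will simply re-set the value after it is removed.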

MITRE ATT&CK Enterprise v15

Tasks