General
-
Target
39d1369b5d37290e14910092cb99b110N.exe
-
Size
2.6MB
-
Sample
240825-k7qcwayaqm
-
MD5
39d1369b5d37290e14910092cb99b110
-
SHA1
c053c769c8e3700ddba987c7a3abdcc2ac790265
-
SHA256
077b32d0275563fbb5b72c4ab9745a815ecf0669f18696828122d2be921277a1
-
SHA512
0053ef99a9e755d67a0657086de3693d6dcc7b7fcbad0f59a2a32b18ab8e947d1c9bfc8ed2490538ed4500fe783d3cae53beec69b90f3f4d24fe74f4e4a1cbb1
-
SSDEEP
24576:ObCj2sObHtqQ4QEfCr7w7yvuqqNq8FroaSaPXRackmrM4Biq7MhLv9GImmVfq4en:ObCjPKNqQEfsw43qtmVfq4u
Static task
static1
Behavioral task
behavioral1
Sample
39d1369b5d37290e14910092cb99b110N.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
39d1369b5d37290e14910092cb99b110N.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
Protocol: smtp- Host:
smtp.mail.me.com - Port:
587 - Username:
[email protected] - Password:
RICHARD205lord
Targets
-
-
Target
39d1369b5d37290e14910092cb99b110N.exe
-
Size
2.6MB
-
MD5
39d1369b5d37290e14910092cb99b110
-
SHA1
c053c769c8e3700ddba987c7a3abdcc2ac790265
-
SHA256
077b32d0275563fbb5b72c4ab9745a815ecf0669f18696828122d2be921277a1
-
SHA512
0053ef99a9e755d67a0657086de3693d6dcc7b7fcbad0f59a2a32b18ab8e947d1c9bfc8ed2490538ed4500fe783d3cae53beec69b90f3f4d24fe74f4e4a1cbb1
-
SSDEEP
24576:ObCj2sObHtqQ4QEfCr7w7yvuqqNq8FroaSaPXRackmrM4Biq7MhLv9GImmVfq4en:ObCjPKNqQEfsw43qtmVfq4u
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1Defense Evasion
Modify Registry
2Subvert Trust Controls
2Install Root Certificate
1SIP and Trust Provider Hijacking
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
2Credentials In Files
2