Overview

overview

10

Static

static

3

RFQ9979059...55.scr

windows7-x64

3

RFQ9979059...55.scr

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    05ed4a278e8423fbf775a5a00c01431fc8e4cc39c25cdec83911981b02ceb1d0

  • Size

    53KB

  • Sample

    240920-pv5z1swhkf

  • MD5

    d9c272f57c8c77ae7fc8f4f5f13ebbfc

  • SHA1

    65ab4fdb5deb15e4828b8019d68a2e161a099787

  • SHA256

    05ed4a278e8423fbf775a5a00c01431fc8e4cc39c25cdec83911981b02ceb1d0

  • SHA512

    cddf08ddd4e7168c3511ea5798c41b9cdbc524a9e7538445ecf1f462cce79195f61f8d8d57a105615da33960c60268addadce34a96e2bf0f8f37ef2f3e95c188

  • SSDEEP

    1536:SRe6gWzCn3kUU4UpvBbRORTO5XxX6vzao0LcntZLF:IFen0lBZt4aetZLF

Score
10/10
collectiondiscoverypersistence

Malware Config

Targets

    • Target

      RFQ99790598989584498497476474746487474455.scr

    • Size

      143KB

    • MD5

      2e3c1970cb5d0301e0ca9992a93ff6e3

    • SHA1

      6bb86d847868782d1971603d229d0deb23360a32

    • SHA256

      6b978bb4a9afeea31e10d98ca89978476ebf6d50aec937f5b5ee7d7ec1fd22ce

    • SHA512

      6a76ac302c4738007f02be360ba854834cdd93df357aab4d6c698b136ea03e009989900c21e0220aacd1f71b8d9a008cc360ef4f621479a052bbcf12cb13575b

    • SSDEEP

      1536:kL+r+Vhp0BxBhBgVHdp2NSsx91RNOPuc9c6t56TFBtXffj1oGL9xRYOqo:kI+BKxBoXtsQuIc6t5eV6YqOq

    Score
    10/10
    discoverycollectionpersistence

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

      collection

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks