5fd0278bd6f9e2be0093585e64b18461de7f5669391a3540301caae60a7b962f | Triage

Sharing

General

Target

5fd0278bd6f9e2be0093585e64b18461de7f5669391a3540301caae60a7b962f.exe
Size

152KB
Sample

240920-rlbqxs1amg
MD5

0b0c05d49526db92c8fb0b051649aadc
SHA1

6e199996c171523b45776c019e41827e2adcfa1a
SHA256

5fd0278bd6f9e2be0093585e64b18461de7f5669391a3540301caae60a7b962f
SHA512

6d071f028b95a03f590cad125a8d2ca35a0e7249bc1d0fa2dbc0527a5991d77b40d6f8c3a1dab3876dfaeb65818ee439c684af8a33b3a1d6220f2f58e5df0529
SSDEEP

3072:UlhERQSY9ydYJ8UQIe/ureJdkDXLLiMDdvk0:UlhERbYJzQIeWrezAhvk

Score

10^/10

collection discovery

Malware Config

Targets

- Target
  
  5fd0278bd6f9e2be0093585e64b18461de7f5669391a3540301caae60a7b962f.exe
- Size
  
  152KB
- MD5
  
  0b0c05d49526db92c8fb0b051649aadc
- SHA1
  
  6e199996c171523b45776c019e41827e2adcfa1a
- SHA256
  
  5fd0278bd6f9e2be0093585e64b18461de7f5669391a3540301caae60a7b962f
- SHA512
  
  6d071f028b95a03f590cad125a8d2ca35a0e7249bc1d0fa2dbc0527a5991d77b40d6f8c3a1dab3876dfaeb65818ee439c684af8a33b3a1d6220f2f58e5df0529
- SSDEEP
  
  3072:UlhERQSY9ydYJ8UQIe/ureJdkDXLLiMDdvk0:UlhERbYJzQIeWrezAhvk
Score

10^/10

discovery collection
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

collectiondiscovery