e9f1f2ea211f2428732d7b35ce5a66f882e600432502c8e64285196a2a925327 | Triage

Sharing

General

Target

e9f1f2ea211f2428732d7b35ce5a66f882e600432502c8e64285196a2a925327.gz
Size

112KB
Sample

241002-b33mzavbre
MD5

04f8a619d1f47bae134aa1b8769ab29d
SHA1

a3cf797517cce6e009f71a8ecb3b3d2decdf1e36
SHA256

e9f1f2ea211f2428732d7b35ce5a66f882e600432502c8e64285196a2a925327
SHA512

1b3f22e16eac54c97b732864a8ac233cd06dea53371104abf0b4a9f411b43395266a9f08a426e5d603bc202b87c8af2c08b185688ad613dd68a368ecb17972ae
SSDEEP

192:1FO9uUR8HqYcE2Kan7yMe45XoxQhpmg8tF8e7wuPGsG+ED1MiL0jAk9Y8mh0Ipdk:1mqHqy/ZpxW87bwbDxL0jE8odEZucDaG

Score

10^/10

collection

Malware Config

Targets

- Target
  
  RFQ_5219000045320004511.exe
- Size
  
  100.0MB
- MD5
  
  dd1d53f904f06b5ca6172477ae31d982
- SHA1
  
  6685ef1e028b9bb7e1040ef8ac225a4ab8495b34
- SHA256
  
  d3fa7d28e8c9b186679af2040cef53ff4c9213fa4fd7f1295ac65007ae83fc1c
- SHA512
  
  81952a9c6d6cb1f62d2895162da90e1fdd254d188424b74c68f0ef77dd092af9ea0ae27c43679b4bb8ffa6f6f8f55ac7aad21b0a9a3aa7e2475b801243a9e643
- SSDEEP
  
  768:f7wMbd0RtRVnyAWj8Po7ecqZfZoGbKFKLJWgO7ZG:f8Mbd+tPnyBx7e92GWFKLJWFG
Score

10^/10

collection
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2