General

  • Target

    d356e576ddb8d4268bd6b15175273d3f445ae8a923b3b2efb3f5231515da2f5f.exe

  • Size

    917KB

  • Sample

    241016-gbfa9azbll

  • MD5

    3395921f981e54180e5801d6389cc3ef

  • SHA1

    21faeaef86cc8bd47904cbddedd383959292dde8

  • SHA256

    d356e576ddb8d4268bd6b15175273d3f445ae8a923b3b2efb3f5231515da2f5f

  • SHA512

    d8f3b7afc54f68c67da87dc1100f4cfd00e219cc1ba964e5dbbd2f1b316512a327ac39e335b7b4d1623c3d50c7e5cc4120377fb2ff644e39719bad7457570266

  • SSDEEP

    12288:ALkcoxg7v3qnC11ErwIhh0F4qwUgUny5Qt/uwbm4Wp4a5LaSI/H:WfmMv6Ckr7Mny5Qt/uw5WW9zv

Score
7/10

Malware Config

Targets

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks