General

  • Target

    Purchase Order 17025.exe

  • Size

    1.3MB

  • Sample

    241031-j79abawleq

  • MD5

    6626bc3f667fbbf3e64bb21cf4dd7721

  • SHA1

    c0a01811de364d0f0092ccbb4eb9b5d5ca7e5a2a

  • SHA256

    72853e20d6cdef71f6afa34788d73a3d86ee09395c042b3966ab67194a3be2b8

  • SHA512

    f199f05aa4ccb32687f75078c9a03ca579a51d1cd16e2a6933cf281eb4f47d8802716b1ac0ee8e5883fd1e2e8695af8b7c96c3e327f2ec9132f402a5dbcb36e4

  • SSDEEP

    24576:LqDEvCTbMWu7rQYlBQcBiT6rprG8aUeNHZ+BInfEEIvEGMl58lvYd:LTvC/MTQYxsWR7aUerdMEIvEGMwl

Score
6/10

Malware Config

Targets

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks