Overview

overview

7

Static

static

5

Purchase O...28.exe

windows7-x64

7

Purchase O...28.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c700c46fed0dc1adb32a9721a3ca43c2ba9b2a5f6fcb94b2df6defb14aaac19f

  • Size

    929KB

  • Sample

    241101-raf69szkgx

  • MD5

    a45bd090000c864bea85e195ddc3f929

  • SHA1

    84d6712ca8b641b338b114ba6701a5a72e592a7e

  • SHA256

    c700c46fed0dc1adb32a9721a3ca43c2ba9b2a5f6fcb94b2df6defb14aaac19f

  • SHA512

    4e60abd9166d553abeef8ef2a686ce95342aee47cd42908aea06fe5f016763d0606f38b173efa72f11af800a760b4eab6f93555687692ce9ee58369c1e40a9a3

  • SSDEEP

    24576:ebyyZqCCqMsKXQ4qsRj5/dwxBP7Fw5VBp2:5yUWKXzFR8xBDUVu

Score
7/10
collectiondiscovery

Malware Config

Targets

    • Target

      Purchase Order _985328.exe

    • Size

      1.4MB

    • MD5

      bdfd5584de8569ac84cd5566875c5464

    • SHA1

      3130ac63f0109d4cd5ca00f96d05c29df5f73dfb

    • SHA256

      d1ed381d12ccad419dcc8e8fc14179ef453e03ddd57d6842955ea9ec5176f484

    • SHA512

      848b932396628c3cfabdf350c95b75b38a29d2b575ca4a46da1e1fd469038fb8d388cc1febc84914a77dde3247d98f3117765cb9ad1deb58916dd42d7399e99d

    • SSDEEP

      24576:4qDEvCTbMWu7rQYlBQcBiT6rprG8axkozf5RxwxnpPF+5NBL2mV:4TvC/MTQYxsWR7axkozuxnp2N8m

    Score
    7/10
    collectiondiscovery

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks