General

  • Target

    f652b9bfff41cc0e34a3cabaf6cfda22ca1712c5d6af7948bfd64d616ef26383

  • Size

    934KB

  • Sample

    241101-raf69szkgy

  • MD5

    faa91434a2975f299b16cbea610a8b9b

  • SHA1

    2473ae36e96723c867d6286f5bf4d3b02a461243

  • SHA256

    f652b9bfff41cc0e34a3cabaf6cfda22ca1712c5d6af7948bfd64d616ef26383

  • SHA512

    cd37a43a7335adee519abb7bfffa9519cea6de0a0485ff5bfddb104ca16075874b9dada89f0fce930e7edd0047c7e8a8af552c03ac4c7fc781811ac13afb86e3

  • SSDEEP

    24576:U9cCvXcj5FBLJ3YctEHBpaeCP1VhpPYOr078FpAbzhAOdz:U9DMj5FL3BEHBp+ZPjw4Fp+z6Wz

Score
7/10

Malware Config

Targets

    • Target

      sunday (1).exe

    • Size

      1.4MB

    • MD5

      f86afa0aeac7460d436c545026a6bf66

    • SHA1

      573809df745953ff61b9aaa30dda9fc886957a9d

    • SHA256

      4fcc90c2640778103ed184ccb978e934d8b9af249b2834d9ea1ba515a21d9a6b

    • SHA512

      390f24c479943d7589a278696531b6fc47ebf2a52d34d7aeb91277f102f912e7c9876c9fd3b475023fef8120f8ce5b2ca41f3d5771bb0979020894493a3f019e

    • SSDEEP

      24576:KqDEvCTbMWu7rQYlBQcBiT6rprG8atv91H7pNOsR2VAFT07xA5:KTvC/MTQYxsWR7at/9NFYuFTGxA

    Score
    7/10

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks