General

  • Target

    z79PROFORMAINVOICE.exe

  • Size

    1.4MB

  • Sample

    241101-rfbhzasqfn

  • MD5

    44b12ec43cc992f523a020ea8de11ac7

  • SHA1

    62c0df44c7fc6c3dbf3eddccf4f58a1ab8f5bf36

  • SHA256

    e5e6d62b5bae3ab4874c477f700dfa99288f56358e1194e1bda9d98d4d11b043

  • SHA512

    e7f272a47a740ab442c926973a044f9a546516a4dc8fca0d91b8ad18d5ab12515a76bc9851ebf2022234d90622c61c72d4deba39ce4adb78ffddef4acc066f2b

  • SSDEEP

    24576:yqDEvCTbMWu7rQYlBQcBiT6rprG8aPjH+CMV/52TLI8ORQVciQ:yTvC/MTQYxsWR7aPjeXYTLjYQ

Score
7/10

Targets

    • Target

      z79PROFORMAINVOICE.exe

    • Drops startup file

      Writes a file into a Startup location so that it runs again at the next logon (persistence).

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

      Reads Outlook profile data under the user's registry hive, where mail account settings are stored; a common target for credential stealers.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP address.

    • AutoIT Executable

      An AutoIt script compiled into a PE executable.

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on a thread of another process is a common step in process hollowing and similar injection, where it redirects a suspended thread to injected code.
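The signatures above are dynamic-sandbox verdicts. As an added example (not part of the report and not the sandbox's own code), the Python below does the offline pre-checks an analyst would run on a copy of the file before detonating it: verifying the digests against those listed in the report, looking for the AutoIt3 compiled-script marker, and scanning the binary's ASCII and UTF-16LE strings for well-known IP-lookup hosts. The host list and the constructed stand-in bytes are assumptions; the report does not say which lookup service the sample contacted, and a packed or custom-stubbed binary can hide the AutoIt marker.

```python
"""Offline triage helpers for the signatures in the report (added example).

Constructed inputs only: no network access, no execution of the sample.
"""
import hashlib

# Digests copied from the report for z79PROFORMAINVOICE.exe.
REPORT_HASHES = {
    "md5": "44b12ec43cc992f523a020ea8de11ac7",
    "sha1": "62c0df44c7fc6c3dbf3eddccf4f58a1ab8f5bf36",
    "sha256": "e5e6d62b5bae3ab4874c477f700dfa99288f56358e1194e1bda9d98d4d11b043",
}

# Marker AutoIt3 places in front of an embedded compiled script. Packers or
# custom stubs can hide it, so its absence does not prove a non-AutoIt binary.
AUTOIT_MARKER = b"AU3!EA06"

# Assumed list of common legitimate IP-lookup services; the report does not
# say which one this sample used.
IP_LOOKUP_HOSTS = (
    "api.ipify.org",
    "icanhazip.com",
    "ifconfig.me",
    "ip-api.com",
    "ipinfo.io",
    "checkip.dyndns.org",
    "whatismyipaddress.com",
)


def compute_hashes(data: bytes) -> dict:
    """Return md5/sha1/sha256/sha512 hex digests of the given bytes."""
    return {
        name: hashlib.new(name, data).hexdigest()
        for name in ("md5", "sha1", "sha256", "sha512")
    }


def matches_report(data: bytes, report: dict = REPORT_HASHES) -> bool:
    """True only if every digest in the report matches the file.

    Checking all algorithms, not just one, catches a report or file that was
    edited by hand and a copy that was truncated during transfer.
    """
    actual = compute_hashes(data)
    return all(actual[alg] == digest.lower() for alg, digest in report.items())


def is_autoit_compiled(data: bytes) -> bool:
    """Static check for the AutoIt3 compiled-script marker."""
    return AUTOIT_MARKER in data


def find_ip_lookup_hosts(data: bytes) -> list:
    """Return the known IP-lookup hostnames embedded in the file as ASCII or
    UTF-16LE strings (the wide form is how most Windows APIs see them)."""
    found = []
    for host in IP_LOOKUP_HOSTS:
        if host.encode("ascii") in data or host.encode("utf-16-le") in data:
            found.append(host)
    return found


def triage(data: bytes) -> dict:
    """Combine the checks into one result dictionary."""
    return {
        "hash_match": matches_report(data),
        "autoit": is_autoit_compiled(data),
        "ip_lookup_hosts": find_ip_lookup_hosts(data),
    }


def triage_file(path: str) -> dict:
    """Run the checks on a file on disk (read as bytes, never executed)."""
    with open(path, "rb") as fh:
        return triage(fh.read())


# Constructed stand-in for a binary: a fake DOS header, the AutoIt marker and
# one lookup URL as a UTF-16LE string. It is not the real sample.
SAMPLE = (
    b"MZ" + b"\x00" * 62
    + AUTOIT_MARKER + b"\x00" * 16
    + "https://api.ipify.org/".encode("utf-16-le")
)

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

Against the constructed stand-in the hash check fails (it is not the reported file), the AutoIt marker is found and api.ipify.org is reported; against a real copy of the sample, `triage_file(path)` should return `hash_match: True` before any further analysis is trusted.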
