General

  • Target

    INVOICE.scr.exe

  • Size

    393KB

  • Sample

    241104-shv6tsvjfn

  • MD5

    4da064c180a8e2c32320663d4315f270

  • SHA1

    d847da8050203241b32e0664eaf2aae555ed6b73

  • SHA256

    3fa4ae4ae197fa29bb3b99af1b7b786fc125d4d6248e2198570332c67c120a53

  • SHA512

    51819d6193ce7e31d33f984c33772867c503792b180cd7f480a1b06af4e056da34689481e8bb99a9036fcba1bed8158af244c72c038ed3d1ae4e552dcc209e66

  • SSDEEP

    6144:WIrwD4t4+Lax3nA++V+8FWzCFdbCeDJzikdg3xlRG14AprHFrVRy8SEf:vr64t4+Lax3rfegkde5WHFrm8SE

Score
10/10

Targets

    • Target

      INVOICE.scr.exe

    Score
    10/10
    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Drops startup file

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext
