General

  • Target

    z1NewPO.exe

  • Size

    1.1MB

  • Sample

    241107-qsc2wstakg

  • MD5

    a01906dd39d528571aa40a1b8f8b4940

  • SHA1

    396640e082e988fa78f0ceef3fca3a22801d63c0

  • SHA256

    6694bab97ec6c923ec79a258e560aeb014ce7363e5c310d68fb69b005eca1b4c

  • SHA512

    e132438c1ee36a8b6edc96e6d85ca82fd3bef6ff5c604d6b9f6f1f12af0c78b9a9a5f7744ae4865335c3d32cf12bd795c001598b203b9c2300e402b50fe18c2e

  • SSDEEP

    12288:jhkDgouVA2nxKkorvdRgQriDwOIxmxiZnYQE7PJcE4aXLF7vDUh/j+Fwe7f/vytd:pRmJkcoQricOIQxiZY1iaXJ4hy2rzvoe

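The hash block above is what you compare a suspect file against before trusting any of the behavioural findings below. The following is an added example, not part of the sandbox report: it streams a file once through all four digests listed for z1NewPO.exe and reports, per algorithm, whether the file matches. The byte string in `main()` is constructed stand-in data, not the sample; `REPORTED_HASHES` is copied from the report above.

```python
import hashlib
from typing import Dict, Iterable

# Digests exactly as listed in the report for z1NewPO.exe (sample 241107-qsc2wstakg).
REPORTED_HASHES: Dict[str, str] = {
    "md5": "a01906dd39d528571aa40a1b8f8b4940",
    "sha1": "396640e082e988fa78f0ceef3fca3a22801d63c0",
    "sha256": "6694bab97ec6c923ec79a258e560aeb014ce7363e5c310d68fb69b005eca1b4c",
    "sha512": "e132438c1ee36a8b6edc96e6d85ca82fd3bef6ff5c604d6b9f6f1f12af0c78b9a9a5f7744ae4865335c3d32cf12bd795c001598b203b9c2300e402b50fe18c2e",
}


def digest_chunks(chunks: Iterable[bytes], algorithms: Iterable[str] = REPORTED_HASHES) -> Dict[str, str]:
    """Feed every chunk to every hasher in a single pass and return hex digests.

    One pass matters for large samples: read the file once, not once per algorithm.
    """
    hashers = {name: hashlib.new(name) for name in algorithms}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data: bytes, chunk_size: int = 65536) -> Dict[str, str]:
    """Digest an in-memory buffer, chunked the same way a file would be."""
    view = memoryview(data)
    return digest_chunks(view[i:i + chunk_size] for i in range(0, len(view), chunk_size))


def digest_file(path: str, chunk_size: int = 65536) -> Dict[str, str]:
    """Digest a file on disk without loading it whole."""
    with open(path, "rb") as fh:
        return digest_chunks(iter(lambda: fh.read(chunk_size), b""))


def verify(actual: Dict[str, str], expected: Dict[str, str]) -> Dict[str, bool]:
    """Per-algorithm match flags, compared case-insensitively.

    A partial match (say MD5 agrees but SHA256 does not) means either a typo in the
    source you copied from or a deliberate collision; treat it as a mismatch either way.
    """
    return {name: actual.get(name, "").lower() == value.lower() for name, value in expected.items()}


def matches_report(actual: Dict[str, str], expected: Dict[str, str] = REPORTED_HASHES) -> bool:
    """True only when every listed digest agrees."""
    return all(verify(actual, expected).values())


if __name__ == "__main__":
    # Constructed stand-in bytes; a real check would call digest_file("z1NewPO.exe").
    fake_sample = b"MZ" + b"\x00" * 62 + b"not the real sample"
    result = verify(digest_bytes(fake_sample), REPORTED_HASHES)
    for name, ok in result.items():
        print(f"{name:7s} {'match' if ok else 'MISMATCH'}")
    print("matches report:", matches_report(digest_bytes(fake_sample)))
```

Check all four, not just MD5: the MD5 and SHA1 are only there for matching against older feeds, and a file that matches one digest but not the others should never be treated as the same sample.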
Score
7/10

Malware Config

Targets

    • Target

      z1NewPO.exe

    Score
    7/10
    • Drops startup file

      Writes a file into a Startup folder so that it runs again at the next logon (persistence).

    • Executes dropped EXE

      Runs an executable that the sample itself wrote to disk.

    • Loads dropped DLL

      Loads a DLL that the sample itself wrote to disk.

    • Accesses Microsoft Outlook profiles

      Reads Outlook profile data, which holds mail account settings and stored credentials; a common stealer behaviour.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP. Legitimate software does the same, so treat this as corroborating rather than conclusive on its own.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables. The embedded script can usually be recovered from the binary for static analysis.

    • Suspicious use of SetThreadContext

      Setting the thread context of another process is characteristic of process hollowing (RunPE) injection, where a suspended host process's thread is redirected to injected code.

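The "Looks up external IP address via web service" signature is the one finding above that is cheap to hunt for in proxy or network logs, but the report does not name the service that was contacted. The following added example (not part of the sandbox report) flags requests to a set of well-known public IP-echo services; the log lines are constructed for the example and the field layout (`key=value` pairs) is an assumption, as is the host list, which you should extend with whatever services your own telemetry shows.

```python
from typing import Dict, List
from urllib.parse import urlsplit

# Well-known public "what is my IP" endpoints (assumed list; extend from your own telemetry).
IP_LOOKUP_HOSTS = {
    "api.ipify.org",
    "icanhazip.com",
    "checkip.dyndns.org",
    "checkip.amazonaws.com",
    "ip-api.com",
    "ifconfig.me",
    "ipinfo.io",
}

# Constructed proxy log lines in a made-up key=value layout; not from the sandbox run.
SAMPLE_LOG: List[str] = [
    "ts=2024-11-07T09:41:03Z host=WS01 proc=updater.exe method=GET url=https://example-vendor.test/update.xml",
    "ts=2024-11-07T09:41:09Z host=WS01 proc=unknown.exe method=GET url=http://api.ipify.org/?format=text",
    "ts=2024-11-07T09:41:10Z host=WS01 proc=unknown.exe method=GET url=https://ipinfo.io/json",
    "ts=2024-11-07T09:42:31Z host=WS01 proc=browser.exe method=GET url=https://www.example.test/",
    "ts=2024-11-07T09:43:02Z host=WS01 proc=svc.exe method=GET url=http://checkip.dyndns.org/",
    "ts=2024-11-07T09:43:05Z host=WS01 proc=svc.exe method=GET url=https://ipify.org.example.test/",
]


def is_ip_lookup_host(host: str) -> bool:
    """Exact or subdomain match against the list; a trailing dot or mixed case is normalised.

    The suffix check requires the dot, so 'ipify.org.example.test' does not match 'api.ipify.org'.
    """
    host = host.lower().rstrip(".")
    return any(host == h or host.endswith("." + h) for h in IP_LOOKUP_HOSTS)


def parse_line(line: str) -> Dict[str, str]:
    """Split a key=value log line into a dict; tokens without '=' are ignored."""
    fields: Dict[str, str] = {}
    for token in line.split():
        if "=" in token:
            key, value = token.split("=", 1)
            fields[key] = value
    return fields


def find_ip_lookups(lines: List[str]) -> List[Dict[str, str]]:
    """Return one record per request whose URL host is an IP-lookup service."""
    hits: List[Dict[str, str]] = []
    for line in lines:
        fields = parse_line(line)
        url = fields.get("url")
        if not url:
            continue
        host = urlsplit(url).hostname or ""
        if is_ip_lookup_host(host):
            hits.append({"ts": fields.get("ts", "?"), "proc": fields.get("proc", "?"), "host": host, "url": url})
    return hits


def processes_with_lookups(lines: List[str]) -> List[str]:
    """Distinct process names that performed a lookup, in first-seen order; the pivot for triage."""
    seen: List[str] = []
    for hit in find_ip_lookups(lines):
        if hit["proc"] not in seen:
            seen.append(hit["proc"])
    return seen


if __name__ == "__main__":
    for hit in find_ip_lookups(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['proc']:12s} -> {hit['host']}")
    print("processes to pivot on:", processes_with_lookups(SAMPLE_LOG))
```

A hit on its own is weak evidence, since updaters, VPN clients and admin scripts call the same services. Use the process name as the pivot and look for the other findings in the list above (a dropped executable, a Startup folder write, an injected host process) from the same process or its parent before raising an alert.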
MITRE ATT&CK Enterprise v15

Tasks