General
Target: z1NewPO.exe
Size: 1.1MB
Sample: 241107-qsc2wstakg
MD5: a01906dd39d528571aa40a1b8f8b4940
SHA1: 396640e082e988fa78f0ceef3fca3a22801d63c0
SHA256: 6694bab97ec6c923ec79a258e560aeb014ce7363e5c310d68fb69b005eca1b4c
SHA512: e132438c1ee36a8b6edc96e6d85ca82fd3bef6ff5c604d6b9f6f1f12af0c78b9a9a5f7744ae4865335c3d32cf12bd795c001598b203b9c2300e402b50fe18c2e
SSDEEP: 12288:jhkDgouVA2nxKkorvdRgQriDwOIxmxiZnYQE7PJcE4aXLF7vDUh/j+Fwe7f/vytd:pRmJkcoQricOIQxiZY1iaXJ4hy2rzvoe
Static task: static1
Behavioral task: behavioral1
  Sample: z1NewPO.exe
  Resource: win7-20241023-en
Behavioral task: behavioral2
  Sample: z1NewPO.exe
  Resource: win10v2004-20241007-en
Malware Config
Targets
- Target: z1NewPO.exe
Score: 7/10
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext