General

  • Target

    e0a440d5dd402281157326d386bffa53b0019d7b3304b568778761674604ca49

  • Size

    809KB

  • Sample

    241107-rhx5rateme

  • MD5

    f861f6097b1a9504c275b58da3a73039

  • SHA1

    fd8265ffdefbfbed4fd39ec8b7c80ee76ffbb470

  • SHA256

    e0a440d5dd402281157326d386bffa53b0019d7b3304b568778761674604ca49

  • SHA512

    148571ed2f05d036b058f3d5c7db30b04786e4504bd58d5a438f2b1d30a177cf3c0d3a7ceea1d6387792016bf9ffbbf643facf6b15af10928e3bce6b2b9b201b

  • SSDEEP

    24576:+t7Y8R39qYXC6ruzy4ZSL/LNhXDdK0+Fla:+t7Y89qYXC6ruzy4ZSL/LjdKD/a

Score
7/10

Malware Config

Targets

    • Target

      BANK SLIP.exe

    • Size

      1.1MB

    • MD5

      477058bbfb81b2a632cf5f2f031af640

    • SHA1

      a72772e05f08900fe80968ac3669815d41a17f39

    • SHA256

      02a849644f940bb0028a187f4565bd7716b8f3283d1e643d813f9501bb7aadeb

    • SHA512

      04a5f728025c9446e35d8fb258eaa2ad2cdfdbfb3b934b9147980c2f34c50fcc7036f717d68a6030d7666defabbcb6fa9f1bd8a8e555750ba780bf596f5eb799

    • SSDEEP

      24576:pRmJkcoQricOIQxiZY1iaXMMBs9RLNPTHdk0IFZk:mJZoQrbTFZY1iaXMMBs9RLldk3Tk

    Score
    7/10
    • Drops startup file

      Writes a file into a Startup folder so that it is executed at the next logon.

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

      Reads Outlook profile data from the user's registry hive, where configured mail account details are stored.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

      Sets the register context of another thread, a step commonly seen in process hollowing and other code injection techniques.
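
The digests listed above can be checked against local files without network access. The Python below is an added example for this page, not tooling from the sandbox or the report: it copies the report's MD5/SHA1/SHA256 values into a table, hashes each candidate file in a single pass, and returns which report entry (if any) the file matches. The AutoIt check is a heuristic assumed here (compiled AutoIt3 executables carry the "AU3!EA06" marker alongside the embedded script); it is not the sandbox's own "AutoIT Executable" rule.

```python
"""Offline check of local files against the hash IOCs in the report above.

Added example for this page; not the sandbox's code or the report's own
tooling. The digests in REPORT_IOCS are copied from the report. The AutoIt
marker check is a heuristic assumed here, not the sandbox's signature.
"""
import hashlib
from pathlib import Path
from typing import Dict, Iterable, List, Tuple

# Hash IOCs copied from the report (label -> algorithm -> lowercase digest).
REPORT_IOCS: Dict[str, Dict[str, str]] = {
    "submitted sample": {
        "md5": "f861f6097b1a9504c275b58da3a73039",
        "sha1": "fd8265ffdefbfbed4fd39ec8b7c80ee76ffbb470",
        "sha256": "e0a440d5dd402281157326d386bffa53b0019d7b3304b568778761674604ca49",
    },
    "BANK SLIP.exe": {
        "md5": "477058bbfb81b2a632cf5f2f031af640",
        "sha1": "a72772e05f08900fe80968ac3669815d41a17f39",
        "sha256": "02a849644f940bb0028a187f4565bd7716b8f3283d1e643d813f9501bb7aadeb",
    },
}

# Marker that compiled AutoIt3 executables carry with the embedded script.
# Used as a quick heuristic (assumption), not the sandbox's own rule.
AUTOIT_MARKER = b"AU3!EA06"

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def hashes_of(data: bytes) -> Dict[str, str]:
    """Compute all four digests the report lists, in one pass over data."""
    digests = {name: hashlib.new(name) for name in ALGORITHMS}
    for h in digests.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in digests.items()}


def match_digests(computed: Dict[str, str],
                  iocs: Dict[str, Dict[str, str]]) -> List[Tuple[str, str]]:
    """Return (label, algorithm) for every report digest that computed matches.

    Comparison is case-insensitive so digests pasted in upper case still hit.
    """
    hits = []
    for label, expected in iocs.items():
        for algo, digest in expected.items():
            if algo in computed and computed[algo] == digest.lower():
                hits.append((label, algo))
    return hits


def match_iocs(data: bytes, iocs: Dict[str, Dict[str, str]]) -> List[Tuple[str, str]]:
    """Hash data and match it against the IOC table."""
    return match_digests(hashes_of(data), iocs)


def looks_like_compiled_autoit(data: bytes) -> bool:
    """Heuristic for the report's 'AutoIT Executable' indicator: a PE image
    (MZ header) that contains the compiled-script marker."""
    return data[:2] == b"MZ" and AUTOIT_MARKER in data


def scan_paths(paths: Iterable[Path], iocs=REPORT_IOCS) -> Dict[str, dict]:
    """Hash each file once; report IOC hits, the AutoIt heuristic and SHA256."""
    results = {}
    for path in paths:
        data = path.read_bytes()
        digests = hashes_of(data)
        results[str(path)] = {
            "hits": match_digests(digests, iocs),
            "compiled_autoit": looks_like_compiled_autoit(data),
            "sha256": digests["sha256"],
        }
    return results


if __name__ == "__main__":
    import sys
    for name, info in scan_paths(Path(p) for p in sys.argv[1:]).items():
        flag = "IOC MATCH" if info["hits"] else "no match"
        print(f"{name}: {flag} {info['hits']} autoit={info['compiled_autoit']} "
              f"sha256={info['sha256']}")
```

Run it as `python check_iocs.py <file> ...`. A hash hit identifies the exact sample from this report only; a file that passes the AutoIt heuristic but matches no digest is a candidate for further analysis, not a confirmed match, since many benign tools are also compiled AutoIt scripts.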

MITRE ATT&CK Enterprise v15

Tasks