General
-
Target
e0a440d5dd402281157326d386bffa53b0019d7b3304b568778761674604ca49
-
Size
809KB
-
Sample
241107-rhx5rateme
-
MD5
f861f6097b1a9504c275b58da3a73039
-
SHA1
fd8265ffdefbfbed4fd39ec8b7c80ee76ffbb470
-
SHA256
e0a440d5dd402281157326d386bffa53b0019d7b3304b568778761674604ca49
-
SHA512
148571ed2f05d036b058f3d5c7db30b04786e4504bd58d5a438f2b1d30a177cf3c0d3a7ceea1d6387792016bf9ffbbf643facf6b15af10928e3bce6b2b9b201b
-
SSDEEP
24576:+t7Y8R39qYXC6ruzy4ZSL/LNhXDdK0+Fla:+t7Y89qYXC6ruzy4ZSL/LjdKD/a
Static task
static1
Behavioral task
behavioral1
Sample
BANK SLIP.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
BANK SLIP.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
BANK SLIP.exe
-
Size
1.1MB
-
MD5
477058bbfb81b2a632cf5f2f031af640
-
SHA1
a72772e05f08900fe80968ac3669815d41a17f39
-
SHA256
02a849644f940bb0028a187f4565bd7716b8f3283d1e643d813f9501bb7aadeb
-
SHA512
04a5f728025c9446e35d8fb258eaa2ad2cdfdbfb3b934b9147980c2f34c50fcc7036f717d68a6030d7666defabbcb6fa9f1bd8a8e555750ba780bf596f5eb799
-
SSDEEP
24576:pRmJkcoQricOIQxiZY1iaXMMBs9RLNPTHdk0IFZk:mJZoQrbTFZY1iaXMMBs9RLldk3Tk
Score
7/10
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-