General

  • Target

    c755b7f0096380aa09b10638014031db966044e772670c4f104b423c28f25bde

  • Size

    808KB

  • Sample

    241107-rhxtzstemd

  • MD5

    07e0e55fb38ed7370d19a7900a39b532

  • SHA1

    4badde2b3cbb7cc3d6d8ca73423759525bc94ae0

  • SHA256

    c755b7f0096380aa09b10638014031db966044e772670c4f104b423c28f25bde

  • SHA512

    be8ce7e2fb7b74d30e9c39e35361caa74a6a2b120c30026f84f0548c45a43ab94d0e56102a8445037f68e1e33f98ad4f790d7b7e4f07dbb50733c9a4d192a808

  • SSDEEP

    12288:Ht7YGZR3uW7WYExYC7+WixEZzjdvvgh114Fwu77/p0trnwzGDpQlgFNT:Ht7Y8R39qYXC6ruzpgh2mrn1pT

Score
7/10

Malware Config

Targets

    • Target

      New PO.exe

    • Size

      1.1MB

    • MD5

      a01906dd39d528571aa40a1b8f8b4940

    • SHA1

      396640e082e988fa78f0ceef3fca3a22801d63c0

    • SHA256

      6694bab97ec6c923ec79a258e560aeb014ce7363e5c310d68fb69b005eca1b4c

    • SHA512

      e132438c1ee36a8b6edc96e6d85ca82fd3bef6ff5c604d6b9f6f1f12af0c78b9a9a5f7744ae4865335c3d32cf12bd795c001598b203b9c2300e402b50fe18c2e

    • SSDEEP

      12288:jhkDgouVA2nxKkorvdRgQriDwOIxmxiZnYQE7PJcE4aXLF7vDUh/j+Fwe7f/vytd:pRmJkcoQricOIQxiZY1iaXJ4hy2rzvoe

    Score
    7/10

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks