General
Target: c755b7f0096380aa09b10638014031db966044e772670c4f104b423c28f25bde
Size: 808KB
Sample: 241107-rhxtzstemd
MD5: 07e0e55fb38ed7370d19a7900a39b532
SHA1: 4badde2b3cbb7cc3d6d8ca73423759525bc94ae0
SHA256: c755b7f0096380aa09b10638014031db966044e772670c4f104b423c28f25bde
SHA512: be8ce7e2fb7b74d30e9c39e35361caa74a6a2b120c30026f84f0548c45a43ab94d0e56102a8445037f68e1e33f98ad4f790d7b7e4f07dbb50733c9a4d192a808
SSDEEP: 12288:Ht7YGZR3uW7WYExYC7+WixEZzjdvvgh114Fwu77/p0trnwzGDpQlgFNT:Ht7Y8R39qYXC6ruzpgh2mrn1pT
Static task: static1
Behavioral task: behavioral1
  Sample: New PO.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: New PO.exe
  Resource: win10v2004-20241007-en
Malware Config
Targets
Target: New PO.exe
Size: 1.1MB
MD5: a01906dd39d528571aa40a1b8f8b4940
SHA1: 396640e082e988fa78f0ceef3fca3a22801d63c0
SHA256: 6694bab97ec6c923ec79a258e560aeb014ce7363e5c310d68fb69b005eca1b4c
SHA512: e132438c1ee36a8b6edc96e6d85ca82fd3bef6ff5c604d6b9f6f1f12af0c78b9a9a5f7744ae4865335c3d32cf12bd795c001598b203b9c2300e402b50fe18c2e
SSDEEP: 12288:jhkDgouVA2nxKkorvdRgQriDwOIxmxiZnYQE7PJcE4aXLF7vDUh/j+Fwe7f/vytd:pRmJkcoQricOIQxiZY1iaXJ4hy2rzvoe
Score: 7/10
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext