General

  • Target

    a6708d1832818c894303f564c2a51e536be62f42e49627641e4b0c0b6dc2dd6d

  • Size

    807KB

  • Sample

    241107-spz4cstpgv

  • MD5

    21a064c502b41c5cf247b57900ce8ddd

  • SHA1

    413ed8415cd345923ea3554a0aa61d79186d96a1

  • SHA256

    a6708d1832818c894303f564c2a51e536be62f42e49627641e4b0c0b6dc2dd6d

  • SHA512

    16d7930944f788d3746cb6a1e5cd2f25f28e0bf436a7ba0fe6bb6138d997d959def92ecf3a17bd2f325a432cba5871ab9c24edecffda9861bb49fad2430ec229

  • SSDEEP

    24576:ot7Y8R39qYXC6ruz7EFvx3EF/c34IpV6TpQv9Z6s:ot7Y89qYXC6ruz7Sw0ZKTiv+s

Score
7/10

Malware Config

Targets

    • Target

      Payment slip.exe

    • Size

      1.1MB

    • MD5

      5bd138c48435c8ce360cce3882b0d97a

    • SHA1

      8327b8e546c18ceedee51ebd7fc81e9026588acf

    • SHA256

      275b87b38617ceee81d0ae60d45795b413982680b572298273fc86399617368a

    • SHA512

      5b636775b3e3124db5b8121d955a08c01f96db7ac06dd9d506be21cfa54b393b5f5e78b754776a82ba969ff0bf34cda4bd435e679198725f9ac05c79020490b8

    • SSDEEP

      24576:pRmJkcoQricOIQxiZY1iaXURlXV6V/e3E6rJmppcxBZUB:mJZoQrbTFZY1iaXEKGdopuxkB

    Score
    7/10

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks