General
Target: a6708d1832818c894303f564c2a51e536be62f42e49627641e4b0c0b6dc2dd6d
Size: 807KB
Sample: 241107-spz4cstpgv
MD5: 21a064c502b41c5cf247b57900ce8ddd
SHA1: 413ed8415cd345923ea3554a0aa61d79186d96a1
SHA256: a6708d1832818c894303f564c2a51e536be62f42e49627641e4b0c0b6dc2dd6d
SHA512: 16d7930944f788d3746cb6a1e5cd2f25f28e0bf436a7ba0fe6bb6138d997d959def92ecf3a17bd2f325a432cba5871ab9c24edecffda9861bb49fad2430ec229
SSDEEP: 24576:ot7Y8R39qYXC6ruz7EFvx3EF/c34IpV6TpQv9Z6s:ot7Y89qYXC6ruz7Sw0ZKTiv+s

Static task: static1

Behavioral task: behavioral1
Sample: Payment slip.exe
Resource: win7-20241010-en

Behavioral task: behavioral2
Sample: Payment slip.exe
Resource: win10v2004-20241007-en

Malware Config

Targets
Target: Payment slip.exe
Size: 1.1MB
MD5: 5bd138c48435c8ce360cce3882b0d97a
SHA1: 8327b8e546c18ceedee51ebd7fc81e9026588acf
SHA256: 275b87b38617ceee81d0ae60d45795b413982680b572298273fc86399617368a
SHA512: 5b636775b3e3124db5b8121d955a08c01f96db7ac06dd9d506be21cfa54b393b5f5e78b754776a82ba969ff0bf34cda4bd435e679198725f9ac05c79020490b8
SSDEEP: 24576:pRmJkcoQricOIQxiZY1iaXURlXV6V/e3E6rJmppcxBZUB:mJZoQrbTFZY1iaXEKGdopuxkB
Score: 7/10

Drops startup file
Executes dropped EXE
Loads dropped DLL
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
AutoIT Executable
  AutoIT scripts compiled to PE executables.
Suspicious use of SetThreadContext