General

  • Target

    12c93f2f8d4bbe0241201fd446683ded306ff536a582169df50f44fc7dd06589

  • Size

    873KB

  • Sample

    241108-bt8gvs1nbw

  • MD5

    c6aea4bab08bf05d778e27d92ae131b7

  • SHA1

    49081c83766fab8c13ca84807e1a5a35daf95bb8

  • SHA256

    12c93f2f8d4bbe0241201fd446683ded306ff536a582169df50f44fc7dd06589

  • SHA512

    99fd70060dabf192b89bc03ab5c091facedcf7981df5ec5cf25b461efb562d4243c2a0bbbb272b82b847ecd7daeca071f54194fab67df6ddfca1d699a1a9837c

  • SSDEEP

    24576:ut7Y8R39qYXC6ruzI23Lb1vpB1DYafULO40UTb70UK:ut7Y89qYXC6ruzI27b1RrLsqM4UK

Score
7/10

Malware Config

Targets

    • Target

      Wire Transfer Proof.exe

    • Size

      1.2MB

    • MD5

      f2b6ce58efbc112f88d5bc3469363447

    • SHA1

      8f384ff323253f7ac78af308ebc9c85db84580ba

    • SHA256

      ba4c29b2eefd73cea7aa8c75d3e83d5cdc456009a06d5ba62bc53e5b2fd54520

    • SHA512

      efa11d8e027fa551d1e8afb35f8aa5c79d1ee6ba4387e8983c231955ba09147aa96cf082bd3d044922dd4f95ea5f6aab595234c5669b4940f483c2523a448520

    • SSDEEP

      24576:pRmJkcoQricOIQxiZY1iaX63P5r/LZZXaaZUPOA0OHJ7IQ5:mJZoQrbTFZY1iaX6f5rTbdOm+mQ5

    Score
    7/10

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks