General
-
Target
12c93f2f8d4bbe0241201fd446683ded306ff536a582169df50f44fc7dd06589
-
Size
873KB
-
Sample
241108-bt8gvs1nbw
-
MD5
c6aea4bab08bf05d778e27d92ae131b7
-
SHA1
49081c83766fab8c13ca84807e1a5a35daf95bb8
-
SHA256
12c93f2f8d4bbe0241201fd446683ded306ff536a582169df50f44fc7dd06589
-
SHA512
99fd70060dabf192b89bc03ab5c091facedcf7981df5ec5cf25b461efb562d4243c2a0bbbb272b82b847ecd7daeca071f54194fab67df6ddfca1d699a1a9837c
-
SSDEEP
24576:ut7Y8R39qYXC6ruzI23Lb1vpB1DYafULO40UTb70UK:ut7Y89qYXC6ruzI27b1RrLsqM4UK
Static task
static1
Behavioral task
behavioral1
Sample
Wire Transfer Proof.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
Wire Transfer Proof.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
Wire Transfer Proof.exe
-
Size
1.2MB
-
MD5
f2b6ce58efbc112f88d5bc3469363447
-
SHA1
8f384ff323253f7ac78af308ebc9c85db84580ba
-
SHA256
ba4c29b2eefd73cea7aa8c75d3e83d5cdc456009a06d5ba62bc53e5b2fd54520
-
SHA512
efa11d8e027fa551d1e8afb35f8aa5c79d1ee6ba4387e8983c231955ba09147aa96cf082bd3d044922dd4f95ea5f6aab595234c5669b4940f483c2523a448520
-
SSDEEP
24576:pRmJkcoQricOIQxiZY1iaX63P5r/LZZXaaZUPOA0OHJ7IQ5:mJZoQrbTFZY1iaX6f5rTbdOm+mQ5
Score
7/10
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-