General

  • Target

    02a849644f940bb0028a187f4565bd7716b8f3283d1e643d813f9501bb7aadebN

  • Size

    1.1MB

  • Sample

    241110-fvey6atkdm

  • MD5

    477058bbfb81b2a632cf5f2f031af640

  • SHA1

    a72772e05f08900fe80968ac3669815d41a17f39

  • SHA256

    02a849644f940bb0028a187f4565bd7716b8f3283d1e643d813f9501bb7aadeb

  • SHA512

    04a5f728025c9446e35d8fb258eaa2ad2cdfdbfb3b934b9147980c2f34c50fcc7036f717d68a6030d7666defabbcb6fa9f1bd8a8e555750ba780bf596f5eb799

  • SSDEEP

    24576:pRmJkcoQricOIQxiZY1iaXMMBs9RLNPTHdk0IFZk:mJZoQrbTFZY1iaXMMBs9RLldk3Tk

Score
7/10

Targets

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext
