General

  • Target

    10112024_1514_2024-SP0074-B(01).zip

  • Size

    1.1MB

  • Sample

    241110-smt5bsymhy

  • MD5

    04cd89b7d25b673a47e046f078783afb

  • SHA1

    33f696416adade4137a4476a811e000abacdf5e7

  • SHA256

    200230feb9c84e7fb5b6f103275323b105e7f8ed7158f82bcd27e286c5645302

  • SHA512

    8e3cc46f15c240cca78d884f58491127a739eb96f364eb0f44d0bd211b60d0af0dd3e6847ffb923d2ff1fedc2c2d43494160f204d6d45317f8643291e8ab28ec

  • SSDEEP

    24576:KUw2i0+7XTkIrG6q3UpPZ/W/3KUtSWEooXnqb67YG7+ClOrP2g/J2x:KeoaxEpPpicxXnqIsrP4x

Score
10/10

Malware Config

Targets

    • Target

      2024-SP0074-B(01).exe

    • Size

      1.5MB

    • MD5

      750798991ac8fc5116b7d624fb06fa9a

    • SHA1

      165df7ccb51d02e71dc411e53a43b13637099a29

    • SHA256

      e8d8a7a4fcebd48952a717889cff1349db80405687469c6ab10fe0efe5caa424

    • SHA512

      9a611ebb574936f57eb3f080dbde7e150a2840e93306087c970a2b865c134d02275d48e7ae6d72272416afba6cff4a09998ce0e1d8963d07743a9c5f4eb25a44

    • SSDEEP

      24576:y7ixhmEEKPP+mOLGQvXTcIXGAQPepdZNWp3UUdKC2oyD3gF65YGH+i8N:YixhmEEKPP+bl2zWpdH6Q/D3gAeN

    Score
    10/10

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Drops startup file

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks