General
-
Target
10112024_1514_2024-SP0074-B(01).zip
-
Size
1.1MB
-
Sample
241110-smt5bsymhy
-
MD5
04cd89b7d25b673a47e046f078783afb
-
SHA1
33f696416adade4137a4476a811e000abacdf5e7
-
SHA256
200230feb9c84e7fb5b6f103275323b105e7f8ed7158f82bcd27e286c5645302
-
SHA512
8e3cc46f15c240cca78d884f58491127a739eb96f364eb0f44d0bd211b60d0af0dd3e6847ffb923d2ff1fedc2c2d43494160f204d6d45317f8643291e8ab28ec
-
SSDEEP
24576:KUw2i0+7XTkIrG6q3UpPZ/W/3KUtSWEooXnqb67YG7+ClOrP2g/J2x:KeoaxEpPpicxXnqIsrP4x
Static task
static1
Behavioral task
behavioral1
Sample
2024-SP0074-B(01).exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
2024-SP0074-B(01).exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
Target
2024-SP0074-B(01).exe
-
Size
1.5MB
-
MD5
750798991ac8fc5116b7d624fb06fa9a
-
SHA1
165df7ccb51d02e71dc411e53a43b13637099a29
-
SHA256
e8d8a7a4fcebd48952a717889cff1349db80405687469c6ab10fe0efe5caa424
-
SHA512
9a611ebb574936f57eb3f080dbde7e150a2840e93306087c970a2b865c134d02275d48e7ae6d72272416afba6cff4a09998ce0e1d8963d07743a9c5f4eb25a44
-
SSDEEP
24576:y7ixhmEEKPP+mOLGQvXTcIXGAQPepdZNWp3UUdKC2oyD3gF65YGH+i8N:YixhmEEKPP+bl2zWpdH6Q/D3gAeN
Score
10/10
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Drops startup file
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-