General
Target: 10d074914099932ea7074ed6f91ee29b67da0103538e6c1e7aea9ab51cdcb6c0 (the file's SHA256; the file name used in the behavioral tasks below shows the submission is a .js script)
Size: 95KB
Sample: 241111-1qmtes1jgp
MD5: 83427b742cf09d67f57e79b102ded781
SHA1: 9a8f78ecf41a4d72ae065b10c1140de83b2ca86a
SHA256: 10d074914099932ea7074ed6f91ee29b67da0103538e6c1e7aea9ab51cdcb6c0
SHA512: 8aab9bf240a3e426e5727a5f8f39963b6d97ccaf67a28c2d4b492e1dcc4df1601cf73fe853df8c66d77c29120fb648e977ac1051b311ed4d68b410c0ea48b609
SSDEEP: 768:/jMZNW4oEUbL6/J49jM5wQ1/tU9dKGo2QmFR22xQPFQ0o1FOj94Us2hQ4k1s3s4V:4Sf70WY+kKPTkrwaB
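Before detonating a local copy of this sample or sharing it, confirm that the file on disk is the one this report describes. The block below is an added example, not part of the sandbox report or its tooling: it recomputes MD5, SHA1, SHA256 and SHA512 with Python's standard library and compares them with the values listed above. The default file name used when no path is given and the treatment of the reported 95KB as an approximate size are my assumptions. SSDEEP is not recomputed because it needs a third-party module; a fuzzy-hash match is not proof of identity anyway, whereas a single cryptographic-hash mismatch is proof that the file differs from the reported one.

```python
"""Verify a local file against the digests published in the sandbox report.

Added example (not the report's or sandbox's own code). Expected digests are
the ones listed under General in the report; the file path is an assumption.
"""
import hashlib
import sys

# Digests exactly as listed in the report above.
REPORT_DIGESTS = {
    "md5": "83427b742cf09d67f57e79b102ded781",
    "sha1": "9a8f78ecf41a4d72ae065b10c1140de83b2ca86a",
    "sha256": "10d074914099932ea7074ed6f91ee29b67da0103538e6c1e7aea9ab51cdcb6c0",
    "sha512": "8aab9bf240a3e426e5727a5f8f39963b6d97ccaf67a28c2d4b492e1dcc4df1601cf73fe853df8c66d77c29120fb648e977ac1051b311ed4d68b410c0ea48b609",
}

# Report lists the size as 95KB; treat that as approximate (assumption).
REPORT_SIZE_KB = 95


def compute_digests(data: bytes) -> dict:
    """Return lowercase hex MD5/SHA1/SHA256/SHA512 of the given bytes."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_DIGESTS}


def verify(data: bytes, expected: dict = REPORT_DIGESTS) -> dict:
    """Compare each expected digest (case-insensitively) with the computed one.

    Returns {algorithm: True/False}. Any False means this is not the file the
    report describes (or the value was copied wrong); there is no partial match.
    """
    actual = compute_digests(data)
    return {name: actual[name] == value.lower() for name, value in expected.items()}


def is_reported_sample(data: bytes, expected: dict = REPORT_DIGESTS) -> bool:
    """True only if every digest in `expected` matches."""
    return all(verify(data, expected).values())


def size_matches(data: bytes, size_kb: int = REPORT_SIZE_KB) -> bool:
    """Coarse sanity check: reported size is rounded, so allow +/- 1 KB."""
    return abs(len(data) / 1024 - size_kb) <= 1


if __name__ == "__main__":
    # Usage: python verify_sample.py <path-to-sample>   (default path is an assumption)
    path = sys.argv[1] if len(sys.argv) > 1 else "10d074914099932ea7074ed6f91ee29b67da0103538e6c1e7aea9ab51cdcb6c0.js"
    with open(path, "rb") as fh:
        blob = fh.read()
    for algo, ok in verify(blob).items():
        print(f"{algo:6s} {'OK' if ok else 'MISMATCH'}")
    print(f"size   {len(blob)} bytes ({'plausible' if size_matches(blob) else 'off'} for {REPORT_SIZE_KB}KB)")
    sys.exit(0 if is_reported_sample(blob) else 1)
```

Run it against the downloaded file; a non-zero exit status means the copy is not the reported sample and should not be detonated under this report's findings. Constructed input such as b"abc" will, as expected, fail every comparison against the report values.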
Static task
static1
Behavioral tasks
behavioral1: sample 10d074914099932ea7074ed6f91ee29b67da0103538e6c1e7aea9ab51cdcb6c0.js, resource win10v2004-20241007-uk
behavioral2: sample 10d074914099932ea7074ed6f91ee29b67da0103538e6c1e7aea9ab51cdcb6c0.js, resource win10ltsc2021-20241023-uk
behavioral3: sample 10d074914099932ea7074ed6f91ee29b67da0103538e6c1e7aea9ab51cdcb6c0.js, resource win11-20241023-uk
All three behavioral runs detonated the same .js file on UK-locale Windows images (the -uk suffix on each resource). Keep that in mind when reading the location-check signature below: a sample that consults the configured country code may behave differently on a machine with another locale.
Malware Config
No extracted configuration is listed for this sample.
Targets
Target: 10d074914099932ea7074ed6f91ee29b67da0103538e6c1e7aea9ab51cdcb6c0 (the same 95KB file described under General; its MD5, SHA1, SHA256, SHA512 and SSDEEP are the values listed there)
Score: 8/10
Signatures
- Blocklisted process makes network request
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check that decides whether to run.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application (registry Run-key persistence, so the script is launched again at logon)
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext (an API commonly used to redirect a thread's execution in another process, as in process hollowing and other injection techniques)