General

  • Target

    10d074914099932ea7074ed6f91ee29b67da0103538e6c1e7aea9ab51cdcb6c0

  • Size

    95KB

  • Sample

    241111-1qmtes1jgp

  • MD5

    83427b742cf09d67f57e79b102ded781

  • SHA1

    9a8f78ecf41a4d72ae065b10c1140de83b2ca86a

  • SHA256

    10d074914099932ea7074ed6f91ee29b67da0103538e6c1e7aea9ab51cdcb6c0

  • SHA512

    8aab9bf240a3e426e5727a5f8f39963b6d97ccaf67a28c2d4b492e1dcc4df1601cf73fe853df8c66d77c29120fb648e977ac1051b311ed4d68b410c0ea48b609

  • SSDEEP

    768:/jMZNW4oEUbL6/J49jM5wQ1/tU9dKGo2QmFR22xQPFQ0o1FOj94Us2hQ4k1s3s4V:4Sf70WY+kKPTkrwaB

Malware Config

Targets

    • Target

      10d074914099932ea7074ed6f91ee29b67da0103538e6c1e7aea9ab51cdcb6c0

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks