General

  • Target

    rPONO17030099.exe

  • Size

    1.1MB

  • Sample

    241114-n6v4hsspam

  • MD5

    007e2dc1e8e9471f6191e1a14a6a1d5a

  • SHA1

    8050ae700b07352d86b4f8f2652fe9a2e6fce40b

  • SHA256

    2a47814324ff25a37d975085cf9d1a0efd993b51179d2d7cae9bdd31d48b7e5a

  • SHA512

    a8085c9d6b1d71f9ee07c39caeee8131ecd857c110aae07821e50ba30601892209846092bccd1910d8beb79f30f2110490c0f56c097cee69d1de88dfcab7e71c

  • SSDEEP

    24576:Qtb20pkaCqT5TBWgNQ7aHm1Qr7RDcz9076A:ZVg5tQ7aH5xcE5

Score
6/10

Malware Config

Targets

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks