General
-
Target
rPONO17030099.exe
-
Size
1.1MB
-
Sample
241114-n6v4hsspam
-
MD5
007e2dc1e8e9471f6191e1a14a6a1d5a
-
SHA1
8050ae700b07352d86b4f8f2652fe9a2e6fce40b
-
SHA256
2a47814324ff25a37d975085cf9d1a0efd993b51179d2d7cae9bdd31d48b7e5a
-
SHA512
a8085c9d6b1d71f9ee07c39caeee8131ecd857c110aae07821e50ba30601892209846092bccd1910d8beb79f30f2110490c0f56c097cee69d1de88dfcab7e71c
-
SSDEEP
24576:Qtb20pkaCqT5TBWgNQ7aHm1Qr7RDcz9076A:ZVg5tQ7aH5xcE5
Static task
static1
Behavioral task
behavioral1
Sample
rPONO17030099.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
rPONO17030099.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
rPONO17030099.exe
-
Score
6/10
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-