General

  • Target

    a048a33e7d04faaef53cf40a1df60c0ad3aada629fe3614ba175fbe701f2e308.exe

  • Size

    1.3MB

  • Sample

    241115-vahlwa1pbr

  • MD5

    55f220f6938fbc6e18c9d030c23978fa

  • SHA1

    70a81c0cd7556ad2aecaf273be87d7d621215434

  • SHA256

    a048a33e7d04faaef53cf40a1df60c0ad3aada629fe3614ba175fbe701f2e308

  • SHA512

    a954257da8f867acdae6fe796f968c174e6fc74368cbf36c8bdeb3e2c3240d49b5929b65696b048396f9b34bef1a7f42317edf6a6b61e5e2a21e94690ab10ab0

  • SSDEEP

    24576:Qtb20pkaCqT5TBWgNQ7aySqc44ZcsvHk6Au:ZVg5tQ7aySDvY5u

Score
7/10
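Before relying on any of the behaviours listed below, confirm that the file you are holding is the same sample the report describes. The following is an added example, not part of the original report: it hashes a file once in a single streaming pass, compares the digests with the values listed above, and checks the corpus convention that the file is named after its SHA256. The `hash_stream`, `verify_hashes` and `name_matches_sha256` helpers are this example's own names.

```python
import hashlib
import io
import os
import sys
from typing import BinaryIO, Dict, Tuple

ALGOS = ("md5", "sha1", "sha256", "sha512")

# Digests exactly as listed in the report above (lowercase hex).
REPORTED = {
    "md5": "55f220f6938fbc6e18c9d030c23978fa",
    "sha1": "70a81c0cd7556ad2aecaf273be87d7d621215434",
    "sha256": "a048a33e7d04faaef53cf40a1df60c0ad3aada629fe3614ba175fbe701f2e308",
    "sha512": "a954257da8f867acdae6fe796f968c174e6fc74368cbf36c8bdeb3e2c3240d49"
              "b5929b65696b048396f9b34bef1a7f42317edf6a6b61e5e2a21e94690ab10ab0",
}


def hash_stream(fp: BinaryIO, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Read the stream once and feed every chunk to all four digests."""
    hashers = {name: hashlib.new(name) for name in ALGOS}
    for chunk in iter(lambda: fp.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compute_hashes(data: bytes) -> Dict[str, str]:
    """Convenience wrapper for in-memory bytes."""
    return hash_stream(io.BytesIO(data))


def verify_hashes(data: bytes, expected: Dict[str, str]) -> Dict[str, Tuple[str, str]]:
    """Return {algo: (expected, actual)} for every digest that does not match.

    An empty dict means every supplied digest matched. Expected values are
    normalised (whitespace stripped, lowercased) so copy-pasted uppercase hex works.
    """
    actual = compute_hashes(data)
    mismatches: Dict[str, Tuple[str, str]] = {}
    for algo, exp in expected.items():
        exp = exp.strip().lower()
        if actual[algo] != exp:
            mismatches[algo] = (exp, actual[algo])
    return mismatches


def name_matches_sha256(path: str, sha256: str) -> bool:
    """Corpus convention: the sample file is named <sha256>.exe."""
    stem = os.path.splitext(os.path.basename(path))[0]
    return stem.lower() == sha256.lower()


if __name__ == "__main__":
    # Usage: python verify_sample.py <path-to-sample>
    path = sys.argv[1]
    with open(path, "rb") as f:
        digests = hash_stream(f)
    bad = {a: (REPORTED[a], digests[a]) for a in ALGOS if digests[a] != REPORTED[a]}
    if bad:
        for algo, (exp, got) in bad.items():
            print(f"MISMATCH {algo}: report {exp} / file {got}")
        sys.exit(1)
    if not name_matches_sha256(path, REPORTED["sha256"]):
        print("warning: file name does not follow the <sha256>.exe convention")
    print("all four digests match the report")
```

Hashing with all four algorithms in one pass matters less for a 1.3MB sample than for a large dump, but the structure stays the same; what matters is that a single mismatch is treated as "not this sample" rather than being explained away.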

Targets

    • Drops startup file

      Writes a file into a Startup folder so that it is launched at the next logon (persistence).

    • Executes dropped EXE

      Runs an executable that the sample itself wrote to disk.

    • Loads dropped DLL

      Loads a DLL that the sample itself wrote to disk.

    • Accesses Microsoft Outlook profiles

      Reads Outlook profile data, typically the registry keys that hold stored mail account settings and credentials; a behaviour characteristic of credential stealers.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      An AutoIt script compiled to a PE executable.

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on a thread in another process is commonly used to redirect that thread's execution during process injection (for example process hollowing).
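The signatures above are behavioural: each one is a rule over the events the sandbox recorded. As an added example, not part of the original report, the following rewrites five of them as detection logic over a minimal event stream (DNS query, file write, registry open, process create, image load) and adds a byte-level check for the `AU3!EA06` marker that compiled AutoIt3 scripts carry. The event format, the `Event` class and the `classify` function are this example's own; the IP lookup hostnames are real services but the list is illustrative, and the events in `SAMPLE_EVENTS` are constructed for the example, not taken from this sample's run.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Well-known "what is my IP" services (real hostnames; illustrative, not exhaustive).
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "icanhazip.com", "ifconfig.me",
    "checkip.dyndns.org", "ip-api.com", "ipinfo.io",
}
# Per-user and all-users Startup folders share this tail.
STARTUP_DIR = re.compile(r"\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\", re.I)
# Outlook keeps profile/account data under a version-specific key, e.g. ...\Office\16.0\Outlook\Profiles
OUTLOOK_PROFILES = re.compile(r"\\Software\\Microsoft\\Office\\\d+\.\d+\\Outlook\\Profiles", re.I)
# Marker embedded in executables built from compiled AutoIt3 scripts (widely used in YARA rules).
AU3_MARKER = b"AU3!EA06"


@dataclass
class Event:
    kind: str     # dns | file_write | reg_open | process_create | image_load
    process: str  # image path of the acting process
    value: str    # hostname, file path, registry key, or loaded image


def classify(events: List[Event]) -> Dict[str, List[Event]]:
    """Map report signature names to the events that triggered them.

    'Dropped' means written by the sample earlier in the same stream, so the
    EXE/DLL rules are stateful: a write must precede the execute/load.
    """
    hits: Dict[str, List[Event]] = {}
    dropped = set()

    def add(sig: str, ev: Event) -> None:
        hits.setdefault(sig, []).append(ev)

    for ev in events:
        v = ev.value.lower()
        if ev.kind == "file_write":
            dropped.add(v)
            if STARTUP_DIR.search(ev.value):
                add("Drops startup file", ev)
        elif ev.kind == "process_create" and v in dropped and v.endswith(".exe"):
            add("Executes dropped EXE", ev)
        elif ev.kind == "image_load" and v in dropped and v.endswith(".dll"):
            add("Loads dropped DLL", ev)
        elif ev.kind == "dns" and v in IP_LOOKUP_HOSTS:
            add("Looks up external IP address via web service", ev)
        elif ev.kind == "reg_open" and OUTLOOK_PROFILES.search(ev.value):
            add("Accesses Microsoft Outlook profiles", ev)
    return hits


def is_autoit_compiled(data: bytes) -> bool:
    """Static check: does the PE carry the compiled-AutoIt3 marker anywhere in its bytes?"""
    return AU3_MARKER in data


# Constructed events for demonstration (not from the report's actual run).
SAMPLE = r"C:\Users\user\Desktop\sample.exe"
SAMPLE_EVENTS = [
    Event("file_write", SAMPLE, r"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\updater.exe"),
    Event("file_write", SAMPLE, r"C:\Users\user\AppData\Local\Temp\helper.dll"),
    Event("process_create", SAMPLE, r"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\updater.exe"),
    Event("image_load", SAMPLE, r"C:\Users\user\AppData\Local\Temp\helper.dll"),
    Event("dns", SAMPLE, "api.ipify.org"),
    Event("dns", SAMPLE, "www.microsoft.com"),          # benign lookup, must not match
    Event("reg_open", SAMPLE, r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles"),
]

if __name__ == "__main__":
    for sig, evs in classify(SAMPLE_EVENTS).items():
        print(f"{sig}: {len(evs)} event(s)")
    print("AutoIt marker:", is_autoit_compiled(b"MZ\x90\x00...AU3!EA06..."))
```

The "Suspicious use of SetThreadContext" signature is deliberately left out: it needs API-call telemetry rather than file, registry and network events, and on its own it is not a verdict, which is why the report scores the sample 7/10 rather than flagging a specific family.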

MITRE ATT&CK Enterprise v15