General

  • Target

    5e3521bee81bb39dae47648627ea8810f88dc0a16055efa1eadd779f804f60f1

  • Size

    1.1MB

  • Sample

    241115-vbqnwa1pdp

  • MD5

    cd3c7f532dcffd81361915bf691cfbd0

  • SHA1

    ddaa78fa6df0b9f19a0b7c9e8f54c4224f6a7a14

  • SHA256

    5e3521bee81bb39dae47648627ea8810f88dc0a16055efa1eadd779f804f60f1

  • SHA512

    d22b4f09fe235b8cbe6827c7158becf3573a4e5da6bb4f22e54055376195bfd812d8642969b9b2f917598b227facedd99c82c914e96b3fa5658b77bf83372f25

  • SSDEEP

    12288:ALkcoxg7v3qnC11ErwIhh0F4qwUgUny5QLURDWlWWUXVDioc0ELeN3FuYy96QX4w:WfmMv6Ckr7Mny5QLURKgWod7TgIQXae

Score
7/10

Malware Config

Targets

    • Target

      5e3521bee81bb39dae47648627ea8810f88dc0a16055efa1eadd779f804f60f1

    • Size

      1.1MB

    • MD5

      cd3c7f532dcffd81361915bf691cfbd0

    • SHA1

      ddaa78fa6df0b9f19a0b7c9e8f54c4224f6a7a14

    • SHA256

      5e3521bee81bb39dae47648627ea8810f88dc0a16055efa1eadd779f804f60f1

    • SHA512

      d22b4f09fe235b8cbe6827c7158becf3573a4e5da6bb4f22e54055376195bfd812d8642969b9b2f917598b227facedd99c82c914e96b3fa5658b77bf83372f25

    • SSDEEP

      12288:ALkcoxg7v3qnC11ErwIhh0F4qwUgUny5QLURDWlWWUXVDioc0ELeN3FuYy96QX4w:WfmMv6Ckr7Mny5QLURKgWod7TgIQXae

    Score
    7/10
    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks