General

  • Target

    bf43277ab74ebba59be8aaec04fbf058a9d76b872cb717e52f4e46ba8945a802

  • Size

    1.4MB

  • Sample

    241115-y2vx3a1fkr

  • MD5

    e91c9c04ab046fda0acfbcb56bc81a9a

  • SHA1

    6ff5049a623a6424960ccc99e2b1872c5d05a957

  • SHA256

    bf43277ab74ebba59be8aaec04fbf058a9d76b872cb717e52f4e46ba8945a802

  • SHA512

    40d15d1a057be0216058e3bd1a0f2db03b89e4e6fce6139ff119d3f690524b544538fad2c30aaec7251814fc7ac52a17d4b75cf9aeec734c21e093332b24e6b3

  • SSDEEP

    24576:lqDEvCTbMWu7rQYlBQcBiT6rprG8aU28Yof+psPPJlD9TuMyGqQDr8dL:lTvC/MTQYxsWR7aUWnul983QHC

Score
7/10

Malware Config

Targets

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks