General

  • Target

    5f97099c9597917ad3091e70910dc93ded0181185c1878fa4dfffaf540b46e4b

  • Size

    1.1MB

  • Sample

    241116-plcl4szpel

  • MD5

    7ff7fe2c6873fe797424222a0b5870e4

  • SHA1

    d6667dffbf6623ee8e6c3a081243725250d9113d

  • SHA256

    5f97099c9597917ad3091e70910dc93ded0181185c1878fa4dfffaf540b46e4b

  • SHA512

    cc1c7bcfe8fe67d6b3664c519464751816db2fc1fff48a57be7bdadf563eaa55129687f975c234888e771052844223228c63fca4b8711a380c42021327014264

  • SSDEEP

    12288:Xtb20Qc3lT7af41ePBRYuQLKpqeUhbTv5OFgNuPPpHSga0yln5XgYQ3J9a+PN2O5:Xtb20pkaCqT5TBWgNQ7a0G5X4s+wO6A

Score
7/10

Malware Config

Targets

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks