General

Target: 5f97099c9597917ad3091e70910dc93ded0181185c1878fa4dfffaf540b46e4b
Size: 1.1MB
Sample: 241116-plcl4szpel
MD5: 7ff7fe2c6873fe797424222a0b5870e4
SHA1: d6667dffbf6623ee8e6c3a081243725250d9113d
SHA256: 5f97099c9597917ad3091e70910dc93ded0181185c1878fa4dfffaf540b46e4b
SHA512: cc1c7bcfe8fe67d6b3664c519464751816db2fc1fff48a57be7bdadf563eaa55129687f975c234888e771052844223228c63fca4b8711a380c42021327014264
SSDEEP: 12288:Xtb20Qc3lT7af41ePBRYuQLKpqeUhbTv5OFgNuPPpHSga0yln5XgYQ3J9a+PN2O5:Xtb20pkaCqT5TBWgNQ7a0G5X4s+wO6A
Static task: static1

Behavioral task: behavioral1
  Sample: 5f97099c9597917ad3091e70910dc93ded0181185c1878fa4dfffaf540b46e4b.exe
  Resource: win7-20240903-en

Behavioral task: behavioral2
  Sample: 5f97099c9597917ad3091e70910dc93ded0181185c1878fa4dfffaf540b46e4b.exe
  Resource: win10v2004-20241007-en
Malware Config

Targets

Target: 5f97099c9597917ad3091e70910dc93ded0181185c1878fa4dfffaf540b46e4b
Size: 1.1MB
MD5: 7ff7fe2c6873fe797424222a0b5870e4
SHA1: d6667dffbf6623ee8e6c3a081243725250d9113d
SHA256: 5f97099c9597917ad3091e70910dc93ded0181185c1878fa4dfffaf540b46e4b
SHA512: cc1c7bcfe8fe67d6b3664c519464751816db2fc1fff48a57be7bdadf563eaa55129687f975c234888e771052844223228c63fca4b8711a380c42021327014264
SSDEEP: 12288:Xtb20Qc3lT7af41ePBRYuQLKpqeUhbTv5OFgNuPPpHSga0yln5XgYQ3J9a+PN2O5:Xtb20pkaCqT5TBWgNQ7a0G5X4s+wO6A
Score: 7/10

Signatures:
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext