General
-
Target
fb7367a9d093262098c0df080aa77f5f0d04c4356b9e29535f0a77c8a43a30a2
-
Size
1.1MB
-
Sample
241116-swp7qsspbp
-
MD5
fcb74433e83cc00b94e2ec5921c7a44d
-
SHA1
0f6f9760373a5f5cbb015171576035e3f88c3933
-
SHA256
fb7367a9d093262098c0df080aa77f5f0d04c4356b9e29535f0a77c8a43a30a2
-
SHA512
0d979665535723cff19fd055787b3af503b52f2a8d2e89a50b166063d5f35df18e3407bb2c26f16f41deb3f3245ff59d02bfe11eb016965caf09cd5419a41138
-
SSDEEP
24576:WfmMv6Ckr7Mny5QtoHEvFC6i9irPhZeMxqz9cFEKorW01+M:W3v+7/5QtUzjUltgzWFdoC01l
Static task
static1
Behavioral task
behavioral1
Sample
fb7367a9d093262098c0df080aa77f5f0d04c4356b9e29535f0a77c8a43a30a2.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
fb7367a9d093262098c0df080aa77f5f0d04c4356b9e29535f0a77c8a43a30a2.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
fb7367a9d093262098c0df080aa77f5f0d04c4356b9e29535f0a77c8a43a30a2
-
Score
7/10
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-