General

  • Target

    fb7367a9d093262098c0df080aa77f5f0d04c4356b9e29535f0a77c8a43a30a2

  • Size

    1.1MB

  • Sample

    241116-swp7qsspbp

  • MD5

    fcb74433e83cc00b94e2ec5921c7a44d

  • SHA1

    0f6f9760373a5f5cbb015171576035e3f88c3933

  • SHA256

    fb7367a9d093262098c0df080aa77f5f0d04c4356b9e29535f0a77c8a43a30a2

  • SHA512

    0d979665535723cff19fd055787b3af503b52f2a8d2e89a50b166063d5f35df18e3407bb2c26f16f41deb3f3245ff59d02bfe11eb016965caf09cd5419a41138

  • SSDEEP

    24576:WfmMv6Ckr7Mny5QtoHEvFC6i9irPhZeMxqz9cFEKorW01+M:W3v+7/5QtUzjUltgzWFdoC01l

Score
7/10

Malware Config

Targets

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks