b4b7d2a2c7d37a0e58d4459f688f498eefecb2b8be0db9ee808c95ecd52cbb82 | Triage

Submit
Reports

Overview

overview

7

Static

static

5

b4b7d2a2c7...82.exe

windows7-x64

7

b4b7d2a2c7...82.exe

windows10-2004-x64

7

Sharing

General

Target

b4b7d2a2c7d37a0e58d4459f688f498eefecb2b8be0db9ee808c95ecd52cbb82.exe
Size

558KB
Sample

241119-w1sefazhjk
MD5

c65d4758015f3e3428b96dcd37cf7138
SHA1

407f4c7a1d548b45cf7dfbe5babc7f41ab787740
SHA256

b4b7d2a2c7d37a0e58d4459f688f498eefecb2b8be0db9ee808c95ecd52cbb82
SHA512

9aec87bf42d018a232be1bb1b8a83b1c032f276d6d0290b4eaae0f1c3db0c052631a2ad9158f015f933574d04d2a6b7fe55fd592eba49129473f1da7dbb36c36
SSDEEP

12288:K6Wq4aaE6KwyF5L0Y2D1PqL9QoPyW1+Ej/TqVde8G7g:othEVaPqLGo6IbEdjKg

Score

7^/10

collection discovery upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

b4b7d2a2c7d37a0e58d4459f688f498eefecb2b8be0db9ee808c95ecd52cbb82.exe

Resource

win7-20240903-en

collection discovery upx

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

b4b7d2a2c7d37a0e58d4459f688f498eefecb2b8be0db9ee808c95ecd52cbb82.exe

Resource

win10v2004-20241007-en

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  b4b7d2a2c7d37a0e58d4459f688f498eefecb2b8be0db9ee808c95ecd52cbb82.exe
- Size
  
  558KB
- MD5
  
  c65d4758015f3e3428b96dcd37cf7138
- SHA1
  
  407f4c7a1d548b45cf7dfbe5babc7f41ab787740
- SHA256
  
  b4b7d2a2c7d37a0e58d4459f688f498eefecb2b8be0db9ee808c95ecd52cbb82
- SHA512
  
  9aec87bf42d018a232be1bb1b8a83b1c032f276d6d0290b4eaae0f1c3db0c052631a2ad9158f015f933574d04d2a6b7fe55fd592eba49129473f1da7dbb36c36
- SSDEEP
  
  12288:K6Wq4aaE6KwyF5L0Y2D1PqL9QoPyW1+Ej/TqVde8G7g:othEVaPqLGo6IbEdjKg
Score

7^/10

collection discovery upx
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

collectiondiscoveryupx

behavioral2

© 2018-2025

Terms | Privacy