General

  • Target:
    630ccdd7a100ca4d9f3bc5859068021fd1b7b134dfc6b396af46c6530cf44feb.rar
  • Size:
    488KB
  • Sample:
    241120-c9kw6stnak
  • MD5:
    8cfd8b1e3130ca77ff3f500e9789323d
  • SHA1:
    327e01593fb48a800a4fb55f03c45f58709d4cc7
  • SHA256:
    630ccdd7a100ca4d9f3bc5859068021fd1b7b134dfc6b396af46c6530cf44feb
  • SHA512:
    8b062db3a0154818801f85580e877b6dd4b87aeff9d1436f8e6ef18a32eff049d35ce938de823ed4f1184f53d7930ac8d7d266db767dbf4a08c245c4a14f4fe6
  • SSDEEP:
    12288:vSDLLV1zHe5mw6NsehP0M2i+gcbMi8MQQZqjfB9S:UV1Lomw6G7IWMiMfB4

Score
10/10

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    surewaz.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    7tYJ9x.be(L,

Targets

    • Target:
      PO_1079021908.exe
    • Size:
      1.1MB
    • MD5:
      591e551a977d0067ea4ca1180f578cc7
    • SHA1:
      99b95d235c3cccc27fc5732d956e8ff63d4a5243
    • SHA256:
      a448772fc396392ea06f8cc4276858096ca083104312b22369e7f6a95fb8d0b7
    • SHA512:
      f1cd6b478761bee0db5e0aa567941959c97588beb9630c6008a391a4ac9e2e73f5a5b618a0bc7049d53a040f99ae76fbc5d7169e36599b6356d20f16dd53ecaf
    • SSDEEP:
      12288:atb20Qc3lT7af41ePBRYuQLKpqeUhbTv5OFgNuPPpHSga8M7qEHEWPHcQD6A:atb20pkaCqT5TBWgNQ7a8M717P9D6A

    Score
    10/10

    Signatures

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks