de2b53ae95672d4811a3203e495104c8aa37da17159b3e7b7486f44d6ade60a9 | Triage

Submit
Reports

Overview

overview

7

Static

static

5

de2b53ae95...a9.exe

windows7-x64

7

de2b53ae95...a9.exe

windows10-2004-x64

7

Sharing

General

Target

de2b53ae95672d4811a3203e495104c8aa37da17159b3e7b7486f44d6ade60a9
Size

1.1MB
Sample

241120-qz5eqaxckb
MD5

ebbcae8a6ac0cababc732d3054eaa32c
SHA1

00504e8b0c9f34fd5d7e86ef0f1a784c41154c8a
SHA256

de2b53ae95672d4811a3203e495104c8aa37da17159b3e7b7486f44d6ade60a9
SHA512

0cc25a6dc7290abad490f010bc655fd554504956c666f1617b9a3f9dfe52c95e957b0bebf71aacaee97d36c33ecac5ac3ba1f1defe59819056aba36e8e62dd09
SSDEEP

24576:WfmMv6Ckr7Mny5QLg4iMM14ZBPNyK/zoJY6B0rY:W3v+7/5QL1XM2ZBPNlYEY

Score

7^/10

collection discovery

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

de2b53ae95672d4811a3203e495104c8aa37da17159b3e7b7486f44d6ade60a9.exe

Resource

win7-20240903-en

collection discovery

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

de2b53ae95672d4811a3203e495104c8aa37da17159b3e7b7486f44d6ade60a9.exe

Resource

win10v2004-20241007-en

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  de2b53ae95672d4811a3203e495104c8aa37da17159b3e7b7486f44d6ade60a9
- Size
  
  1.1MB
- MD5
  
  ebbcae8a6ac0cababc732d3054eaa32c
- SHA1
  
  00504e8b0c9f34fd5d7e86ef0f1a784c41154c8a
- SHA256
  
  de2b53ae95672d4811a3203e495104c8aa37da17159b3e7b7486f44d6ade60a9
- SHA512
  
  0cc25a6dc7290abad490f010bc655fd554504956c666f1617b9a3f9dfe52c95e957b0bebf71aacaee97d36c33ecac5ac3ba1f1defe59819056aba36e8e62dd09
- SSDEEP
  
  24576:WfmMv6Ckr7Mny5QLg4iMM14ZBPNyK/zoJY6B0rY:W3v+7/5QL1XM2ZBPNlYEY
Score

7^/10

collection discovery
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

collectiondiscovery

behavioral2

© 2018-2025

Terms | Privacy