General
-
Target
1e23b22ac7911dd458acdaaccfd418304a450c938c8ec466d8fbc48fd0e6d9bd
-
Size
831KB
-
Sample
241208-vkemzazkgy
-
MD5
c4faffa021478685316c135cd34ed748
-
SHA1
df5fafcc42f6a31cf4f6ac615f3716b456d09d5f
-
SHA256
1e23b22ac7911dd458acdaaccfd418304a450c938c8ec466d8fbc48fd0e6d9bd
-
SHA512
432b2d8d82336779fbf63d29377b17ea912ab6b371f92e2c6d741a0e04bd27e618e9a723f2f5b6d39cdb00cf1d3104bd2ecd83b982965ba3387119f42dd7e51c
-
SSDEEP
12288:9/AKvOLTbCKfneL+I0gr4Rc6LXaZMljR0lE/V5Je0sZptLOijNu7D0p:6oOLTb7e6I0g8HLX7jH5toptKigD2
Static task
static1
Behavioral task
behavioral1
Sample
1e23b22ac7911dd458acdaaccfd418304a450c938c8ec466d8fbc48fd0e6d9bd.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
1e23b22ac7911dd458acdaaccfd418304a450c938c8ec466d8fbc48fd0e6d9bd.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
1e23b22ac7911dd458acdaaccfd418304a450c938c8ec466d8fbc48fd0e6d9bd
-
Score
8/10
-
Accesses Microsoft Outlook profiles
-
Blocklisted process makes network request
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-