General

  • Target

    2d33ed1adc84c7684fb8170009e565e72dbde2346f6eb9c59ac3356a63b91ea0

  • Size

    154KB

  • Sample

    250117-bbxbwawrex

  • MD5

    820cb6692b548f70ea59f236653af1dc

  • SHA1

    e7a6d75486a97089cae6752efc7597fb804b464f

  • SHA256

    2d33ed1adc84c7684fb8170009e565e72dbde2346f6eb9c59ac3356a63b91ea0

  • SHA512

    6e2b573c20cdc7c9e07bf7e588a03ae28bc22fd0bee56ccd419ba0fea61c96c481fbc7d210e9fff67bd2167de394183ecd2c5cca0c74e0b54d12246772fb8f5c

  • SSDEEP

    3072:y5NxdMj7DYOqLQJkZ6BZn0w3McgJIQzzRBnjWparR9RJ3zWT+S043Y:8N03YOq6IPyhKvzzXnapaXR8+SDY
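The following script is an added example, not part of the sandbox report, showing how a practitioner would check whether a file on a host is one of the two objects described by these indicators. The hash values are copied from the report above; the files hashed are whatever the caller passes on the command line. SSDEEP is left out because fuzzy matching needs the separate `ssdeep` library.

```python
"""Hash a file once and compare the result with the indicators in the report above."""
import hashlib
import io
import sys

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")

# Indicators copied from the report. Sizes are the report's rounded KB figures.
REPORT_IOCS = {
    "sample 250117-bbxbwawrex (154KB)": {
        "md5": "820cb6692b548f70ea59f236653af1dc",
        "sha1": "e7a6d75486a97089cae6752efc7597fb804b464f",
        "sha256": "2d33ed1adc84c7684fb8170009e565e72dbde2346f6eb9c59ac3356a63b91ea0",
        "sha512": "6e2b573c20cdc7c9e07bf7e588a03ae28bc22fd0bee56ccd419ba0fea61c96c4"
                  "81fbc7d210e9fff67bd2167de394183ecd2c5cca0c74e0b54d12246772fb8f5c",
    },
    "PO24_004340~1.exe (219KB)": {
        "md5": "4c3f6e88fd3d7853b737daab33e64724",
        "sha1": "0bc2cdea6d8faaae294b8daaa2df03a1267ce1e3",
        "sha256": "697bc12eb33d2db2d4611cfa986f7aa32ed1d3d94d04c5536ec210af3e914319",
        "sha512": "da96c89091c5e3a50e4538cff2bd57c9d0ac2d1a88d551f85ae3efc0bb017b2c"
                  "f2fdba316630379e82fab74449627f5cb2f8dce3bc51016c6d78499467b5418f",
    },
}


def digest_stream(stream, chunk_size=1 << 20):
    """Compute every digest in a single pass so a large file is read from disk only once."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data):
    return digest_stream(io.BytesIO(data))


def digest_file(path):
    with open(path, "rb") as f:
        return digest_stream(f)


def match_iocs(digests, iocs=REPORT_IOCS):
    """Return {label: "full" | "partial"} for every IOC entry sharing at least one digest.

    "partial" (some algorithms agree, others do not) never happens for a genuine match:
    it points at a transcription error in the IOC list or, for MD5/SHA-1, at a
    deliberately colliding file. Treat a partial match as unconfirmed.
    """
    result = {}
    for label, known in iocs.items():
        compared = [name for name in ALGORITHMS if name in known]
        matched = [name for name in compared if known[name].lower() == digests[name]]
        if matched:
            result[label] = "full" if len(matched) == len(compared) else "partial"
    return result


if __name__ == "__main__":
    for path in sys.argv[1:]:
        print(path, match_iocs(digest_file(path)) or "no match")
```

Run it as `python check_iocs.py suspect.exe`; a `full` result on SHA-256 or SHA-512 is sufficient to tie the file to the report, while MD5 or SHA-1 alone should only be used as a triage filter.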

Malware Config

Targets

    • Target

      PO24_004340~1.exe

    • Size

      219KB

    • MD5

      4c3f6e88fd3d7853b737daab33e64724

    • SHA1

      0bc2cdea6d8faaae294b8daaa2df03a1267ce1e3

    • SHA256

      697bc12eb33d2db2d4611cfa986f7aa32ed1d3d94d04c5536ec210af3e914319

    • SHA512

      da96c89091c5e3a50e4538cff2bd57c9d0ac2d1a88d551f85ae3efc0bb017b2cf2fdba316630379e82fab74449627f5cb2f8dce3bc51016c6d78499467b5418f

    • SSDEEP

      3072:QArRIzPm7i7x2KhtCqE5bpcqiipyAd9g8QwyeVTmfxz6AR+xx7CG9jeIUV:r4PO62KI5dcdipld9grwCJ66cZjV

    • Reads user/profile data of local email clients

      Email clients store user data (account settings, mailbox files, saved credentials) on disk, where infostealers commonly target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.

    • Accesses Microsoft Outlook profiles

      Outlook keeps profile and account configuration, including protected stored credentials, in the user's registry hive, where infostealers harvest it.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      SetThreadContext is commonly used by process-injection techniques such as process hollowing to point a suspended thread at injected code.
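The detection logic below is an added example, not part of the sandbox report, showing how the behavioural signatures listed above can be derived from raw process telemetry (file reads, registry reads, DNS queries and API calls). The events, process IDs, user name and profile names are constructed for the example; the list of IP-lookup hosts is an assumed set of commonly abused public services, since the report does not name the one this sample used.

```python
"""Map sandbox/EDR-style events onto the behavioural signatures listed in the report."""
import re
from collections import defaultdict

# Constructed events as (pid, event_type, detail); none of them come from the report.
SAMPLE_EVENTS = [
    (4120, "file_read", r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    (4120, "file_read", r"C:\Users\victim\AppData\Roaming\Mozilla\Firefox\Profiles\a1b2c3.default\logins.json"),
    (4120, "file_read", r"C:\Users\victim\AppData\Roaming\Thunderbird\Profiles\d4e5f6.default\key4.db"),
    (4120, "reg_read", r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"),
    (4120, "dns", "api.ipify.org"),
    (4120, "api", "SetThreadContext"),
    (4120, "api", "ResumeThread"),
    (5008, "file_read", r"C:\Users\victim\Documents\quarterly.docx"),
    (5008, "dns", "www.microsoft.com"),
]

# Browser profile directories and the credential/cookie stores found inside them.
BROWSER_DIR = re.compile(r"\\(Google\\Chrome|Microsoft\\Edge|BraveSoftware\\Brave-Browser|Mozilla\\Firefox)\\", re.I)
BROWSER_STORE = re.compile(r"\\(Login Data|Cookies|Web Data|logins\.json|key4\.db|cookies\.sqlite)$", re.I)
# Local email-client profile directories (Outlook OST/PST files live under AppData\Local\Microsoft\Outlook).
EMAIL_DIR = re.compile(r"\\(Thunderbird|Foxmail|Microsoft\\Outlook)\\", re.I)
# Outlook profile keys: the per-version Office key plus the legacy Windows Messaging Subsystem location.
OUTLOOK_PROFILES = re.compile(
    r"^HK(CU|EY_CURRENT_USER)\\Software\\Microsoft\\"
    r"(Office\\\d+\.\d\\Outlook|Windows NT\\CurrentVersion\\Windows Messaging Subsystem)\\Profiles",
    re.I,
)
# Assumed list of public "what is my IP" services; the report does not say which one the sample used.
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com", "ifconfig.me", "ip-api.com", "ipinfo.io"}
# Thread-context APIs used by process hollowing and similar injection to redirect execution.
THREAD_CONTEXT_APIS = {"SetThreadContext", "Wow64SetThreadContext", "NtSetContextThread"}


def is_ip_lookup_host(host):
    host = host.lower().rstrip(".")
    return any(host == h or host.endswith("." + h) for h in IP_LOOKUP_HOSTS)


# (signature name as written in the report, event type it applies to, predicate on the detail field)
RULES = [
    ("Reads user/profile data of web browsers", "file_read",
     lambda d: bool(BROWSER_DIR.search(d) and BROWSER_STORE.search(d))),
    ("Reads user/profile data of local email clients", "file_read",
     lambda d: bool(EMAIL_DIR.search(d))),
    ("Accesses Microsoft Outlook profiles", "reg_read",
     lambda d: bool(OUTLOOK_PROFILES.match(d))),
    ("Looks up external IP address via web service", "dns", is_ip_lookup_host),
    ("Suspicious use of SetThreadContext", "api",
     lambda d: d in THREAD_CONTEXT_APIS),
]

CREDENTIAL_SIGS = {name for name, _, _ in RULES[:3]}


def classify(events):
    """Return {pid: set of signature names} for every process that triggered at least one rule."""
    hits = defaultdict(set)
    for pid, event_type, detail in events:
        for name, wanted_type, predicate in RULES:
            if event_type == wanted_type and predicate(detail):
                hits[pid].add(name)
    return dict(hits)


def infostealer_candidates(hits):
    """PIDs that read stored credentials AND show a supporting behaviour (IP lookup or thread hijack)."""
    return sorted(pid for pid, sigs in hits.items() if sigs & CREDENTIAL_SIGS and sigs - CREDENTIAL_SIGS)


if __name__ == "__main__":
    hits = classify(SAMPLE_EVENTS)
    for pid, sigs in sorted(hits.items()):
        print(pid)
        for sig in sorted(sigs):
            print("  -", sig)
    print("infostealer candidates:", infostealer_candidates(hits))
```

Each signature on its own is weak (a backup agent reads browser profiles, a legitimate updater may query its external IP), so the verdict requires credential access combined with at least one supporting behaviour; tune `IP_LOOKUP_HOSTS` and the browser list to the telemetry source actually in use.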

MITRE ATT&CK Enterprise v15

Tasks