DigitalSide Threat Intel

OutlookerX.zip

First submission 2024-10-18 03:09:06

File details

File type: Zip archive data, at least v1.0 to extract
Mime type: application/zip
File size: 37916.32 KB (38826316 bytes)
MD5: fab58b59e3e85329686d3af1b4e49bd6
SHA1: 2283332bfc6b007dc2529fa9840fe35fbe517bb6
SHA256: c9e8174c0e9a553fee9cc1b74b9edb15a1d746467ab45637a6b3b66aeb8a21c6

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

Virus Total: 0/77 VT report date: 2024-10-17 19:30:14

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://3.94.86.69/files/OutlookerX.zip VirusTotal Report 3.94.86.69 VirusTotal Report 2024-10-18 03:09:06

Strings analysis - File found

Executable
i%.so
XML
Debug/System.Runtime.CompilerServices.Unsafe.xml
Debug/Microsoft.Extensions.Primitives.xml
Debug/System.Threading.Tasks.Extensions.xml
Debug/itextsharp.xml
Debug/System.Diagnostics.DiagnosticSource.xml
Debug/Microsoft.Extensions.DependencyInjection.xml
Debug/Microsoft.Extensions.Logging.Abstractions.xml
Debug/System.Memory.xml
Debug/Microsoft.Extensions.DependencyInjection.Abstractions.xml
Debug/Newtonsoft.Json.xml
Debug/Microsoft.Extensions.Logging.xml
Debug/Bunifu.UI.WinForms.BunifuButton.xml
Debug/Microsoft.Bcl.AsyncInterfaces.xml
Debug/BouncyCastle.Cryptography.xml
Debug/System.Buffers.xml
Debug/System.Numerics.Vectors.xml
Debug/BouncyCastle.Crypto.xml
Debug/RaquibzOutlookSender.xml
Debug/System.ValueTuple.xml
Debug/Microsoft.Extensions.Options.xml
Debug/NReco.ImageGenerator.xml
Database
Oe.dB
Portable
Debug/Attachments/FD2548KKJ (9).pdf
Debug/Attachments/HHKW678NBDF (4).pdf
Debug/Attachments/FD2548KKJ (10).pdf
Debug/Attachments/HHKW678NBDF (2).pdf
Debug/Attachments/HHKW678NBDF (5).pdf
Debug/Attachments/FD2548KKJ (3).pdf
Debug/Attachments/FD2548KKJ (1).pdf
Debug/Attachments/HHKW678NBDF (3).pdf
Debug/Attachments/HHKW678NBDF (8).pdf
Debug/Attachments/HHKW678NBDF (1).pdf
Debug/Attachments/FD2548KKJ (2).pdf
Debug/Attachments/HHKW678NBDF (7).pdf
Debug/Attachments/FD2548KKJ (4).pdf
Debug/Attachments/HHKW678NBDF (6).pdf
Debug/Attachments/FD2548KKJ (6).pdf
Debug/Attachments/FD2548KKJ (7).pdf
Debug/Attachments/FD2548KKJ (11).pdf
Debug/Attachments/HHKW678NBDF (11).pdf
Debug/Attachments/HHKW678NBDF (10).pdf
Debug/Attachments/FD2548KKJ (8).pdf
Debug/Attachments/HHKW678NBDF (9).pdf
Debug/Attachments/FD2548KKJ (5).pdf
Library
api-ms-win-core-console-l1-1-0.dll
Debug/wkhtmltoimage/api-ms-win-core-timezone-l1-1-0.dll
Debug/Bunifu.UI.WinForms.BunifuButton.dll
Debug/wkhtmltoimage/api-ms-win-core-interlocked-l1-1-0.dll
Debug/wkhtmltoimage/api-ms-win-crt-environment-l1-1-0.dll
Debug/wkhtmltoimage/api-ms-win-crt-runtime-l1-1-0.dll
Debug/wkhtmltoimage/api-ms-win-core-namedpipe-l1-1-0.dll
Debug/wkhtmltoimage/api-ms-win-core-synch-l1-1-0.dll
Debug/wkhtmltoimage/api-ms-win-crt-heap-l1-1-0.dll
Debug/wkhtmltoimage/api-ms-win-core-string-l1-1-0.dll
Debug/MetroFramework.Design.dll
Debug/wkhtmltoimage/api-ms-win-core-processthreads-l1-1-1.dll
Debug/wkhtmltoimage/vcruntime140.dll
msvcp140_2.dll
Debug/System.Numerics.Vectors.dll
Debug/System.Threading.Tasks.Extensions.dll
Debug/NReco.ImageGenerator.dll
Debug/wkhtmltoimage/api-ms-win-core-heap-l1-1-0.dll
Debug/wkhtmltoimage/api-ms-win-core-datetime-l1-1-0.dll
Debug/wkhtmltoimage/api-ms-win-core-sysinfo-l1-1-0.dll
Debug/System.Memory.dll
Debug/Microsoft.Extensions.Options.dll
Debug/wkhtmltoimage/api-ms-win-crt-utility-l1-1-0.dll
Debug/BouncyCastle.Crypto.dll
Debug/System.Buffers.dll
Debug/wkhtmltoimage/api-ms-win-core-processthreads-l1-1-0.dll
Debug/System.ValueTuple.dll
Debug/Bunifu.Core.dll
vcruntime140.dll
Debug/wkhtmltoimage/msvcp140_2.dll
Debug/wkhtmltoimage/vccorlib140.dll
Debug/Microsoft.Extensions.Primitives.dll
Debug/wkhtmltoimage/api-ms-win-core-synch-l1-2-0.dll
Debug/wkhtmltoimage/concrt140.dll
Debug/wkhtmltoimage/api-ms-win-core-libraryloader-l1-1-0.dll
Debug/wkhtmltoimage/api-ms-win-crt-multibyte-l1-1-0.dll
Debug/wkhtmltoimage/api-ms-win-core-handle-l1-1-0.dll
Debug/MetroFramework.Fonts.dll
Debug/wkhtmltoimage/ucrtbase.dll
Debug/de-DE/Faker.Net.4.8.resources.dll
Debug/wkhtmltoimage/api-ms-win-crt-process-l1-1-0.dll
Debug/System.Diagnostics.DiagnosticSource.dll
Debug/Faker.Net.4.8.dll
Debug/wkhtmltoimage/api-ms-win-core-rtlsupport-l1-1-0.dll
Debug/wkhtmltoimage/api-ms-win-crt-stdio-l1-1-0.dll
Debug/wkhtmltoimage/vcomp140.dll
vcomp140.dll
Debug/Microsoft.Extensions.DependencyInjection.dll
Debug/wkhtmltoimage/msvcp140.dll
Debug/wkhtmltoimage/api-ms-win-core-debug-l1-1-0.dll
Debug/wkhtmltoimage/api-ms-win-core-profile-l1-1-0.dll
Debug/wkhtmltoimage/api-ms-win-crt-math-l1-1-0.dll
Debug/Microsoft.Bcl.AsyncInterfaces.dll
Debug/wkhtmltoimage/api-ms-win-core-localization-l1-2-0.dll
Debug/wkhtmltoimage/msvcp140_1.dll
Debug/Newtonsoft.Json.dll
Debug/wkhtmltoimage/api-ms-win-core-processenvironment-l1-1-0.dll
Debug/wkhtmltoimage/api-ms-win-core-memory-l1-1-0.dll
Debug/Microsoft.Extensions.DependencyInjection.Abstractions.dll
Debug/Microsoft.Extensions.Logging.Abstractions.dll
Debug/MetroFramework.dll
Debug/BouncyCastle.Cryptography.dll
Debug/wkhtmltoimage/api-ms-win-core-errorhandling-l1-1-0.dll
Debug/Microsoft.Extensions.Logging.dll
Debug/itextsharp.dll
Debug/wkhtmltoimage/api-ms-win-crt-locale-l1-1-0.dll
Debug/wkhtmltoimage/api-ms-win-crt-conio-l1-1-0.dll
Debug/wkhtmltoimage/api-ms-win-crt-filesystem-l1-1-0.dll
Debug/wkhtmltoimage/api-ms-win-crt-convert-l1-1-0.dll
Debug/System.Runtime.CompilerServices.Unsafe.dll
Debug/wkhtmltoimage/api-ms-win-core-console-l1-1-0.dll
Debug/wkhtmltoimage/API-MS-Win-core-xstate-l2-1-0.dll
Debug/wkhtmltoimage/api-ms-win-crt-time-l1-1-0.dll
Debug/wkhtmltoimage/api-ms-win-core-util-l1-1-0.dll
Debug/wkhtmltoimage/api-ms-win-crt-private-l1-1-0.dll
Debug/wkhtmltoimage/api-ms-win-core-file-l1-1-0.dll
Debug/wkhtmltoimage/api-ms-win-crt-string-l1-1-0.dll
Debug/wkhtmltoimage/api-ms-win-core-file-l1-2-0.dll
Debug/wkhtmltoimage/api-ms-win-core-file-l2-1-0.dll

Strings analysis - Possible IPs found 1

7.6.5.3