General
Target: 4.ppam.zip
Size: 38KB
Sample: 220324-m8n8bacgfj
MD5: fb9645bf9fd5e69816713ede73072328
SHA1: 78c4c9b664572e4cb1f76f353ebf949c792226d2
SHA256: 68184c299903904b8f9cf8df7856c9f20936749d14586aac71ebb5aa8ac43de5
SHA512: 395a5e0853198058ff56cca5bf6f393cca1a0afaf58331d52503866f4d99b6a486dfc648f593252a512e767cf16afbd32a79069c2167cbbcf02c195088655ab0

Static task
static1

Behavioral task
behavioral1
Sample: 4.ppam
Resource: win7-20220311-en

Behavioral task
behavioral2
Sample: 4.ppam
Resource: win10v2004-en-20220113

Malware Config
Extracted
oski
72.11.143.125/k/4k/

Targets
Target: 4.ppam
Size: 44KB
MD5: b8bc3f064e7f371dc92600c9f0830f11
SHA1: 1c399b13f2e0b195442246dce999702895d2139a
SHA256: 6929d3f0dd7ea4faa504412afbcd802797a4dd40ad71fa658cfc72040e75cd83
SHA512: 19d1785dcea779192f78518ed0ae8d128758a2ea1209b0c37648152d882a8688f251744f15cc0c8492154f195ce756a4b9fab610776b8d02dcfd6b4e6e406f82
Score: 10/10
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetThreadContext