General
-
Target
file.ppam
-
Size
44KB
-
Sample
220325-mr62ssegc2
-
MD5
94db4fee6e903bdb75794aa9f9928a1f
-
SHA1
f62c886160d338a8516562b2c87bcc0cd22397a5
-
SHA256
e4850ae4c018e7beb4a588c38acd8922168e843e2d984226ad2370ce0d9ca0cc
-
SHA512
8fe8c9d6ba4a0019c4ded773289c7c3891a78ee6a958b6af8827404579c078d358f4a2012ea95937cbc24b3e5e1fc3e4fe4a62d3160ac755b0c23130384f96ea
Static task
static1
Behavioral task
behavioral1
Sample
file.ppam
Resource
win7-20220310-en
Behavioral task
behavioral2
Sample
file.ppam
Resource
win10v2004-en-20220113
Malware Config
Extracted
oski
72.11.143.125/k/12k/
Targets
-
-
Target
file.ppam
-
Size
44KB
-
MD5
94db4fee6e903bdb75794aa9f9928a1f
-
SHA1
f62c886160d338a8516562b2c87bcc0cd22397a5
-
SHA256
e4850ae4c018e7beb4a588c38acd8922168e843e2d984226ad2370ce0d9ca0cc
-
SHA512
8fe8c9d6ba4a0019c4ded773289c7c3891a78ee6a958b6af8827404579c078d358f4a2012ea95937cbc24b3e5e1fc3e4fe4a62d3160ac755b0c23130384f96ea
Score10/10-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-