General
Target: 6e1452a3d543a3c2faa74e005c031144c95c79e0cae866d8f4a9453915180354
Size: 493KB
Sample: 220520-rljfrsahbr
MD5: 8e1b97a6e3ec72b6b53352e2da79f507
SHA1: 4483f9bcb7c5018149be0c3ac98998297d16047b
SHA256: 6e1452a3d543a3c2faa74e005c031144c95c79e0cae866d8f4a9453915180354
SHA512: 5dd9c747f59946724cdded073319b4b27e555fc99afe894a9badc7e5790aebaf7c7808723f4661db82674ec641581fdf406293ca077704e74f4882c37a3db9c1
Static task: static1
Behavioral task: behavioral1
Sample: RFQ List 13052020.scr
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: RFQ List 13052020.scr
Resource: win10v2004-20220414-en
Malware Config
Targets
Target: RFQ List 13052020.scr
Size: 837KB
MD5: 72dd0f3d54f711e8f3c83a2f1b7ce6dc
SHA1: 4022218fc6956e0bf458e3da091733d9676d738a
SHA256: 56cdf2f0adffcc195d95801f4f61da727edf5e6fe6bbbf0ac71462f733df9de9
SHA512: 1cfc50665e87dd0cae7be5de3278048c463c4c997872e301af9b55ad4f884149649fbad8174db9eb65ee8606d6853f09250f0db2bd65c98f359c3c84526be581
Score: 10/10
Executes dropped EXE
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext