General
Target: d5264a57d2e10b022f53138eb38f63e69c136ddf10765e69a9028d1b27a65881
Size: 280KB
Sample: 220521-nxk7ysecd2
MD5: cfc4d2d074d9f8b1580c84e29389aeb0
SHA1: 12cbaf28092e31f7512c6710b50475ad1e138124
SHA256: d5264a57d2e10b022f53138eb38f63e69c136ddf10765e69a9028d1b27a65881
SHA512: 2c247536ed559c977895f8bd7edb2f7ce2df1c7e56b1aaa78726bf8938fd35a850edb8df6585241877304f079f3a865a61c05cc7b3c2ed571e2938c2fc255a73
Static task: static1
Behavioral task: behavioral1
Sample: invoice.exe
Resource: win7-20220414-en
Malware Config
Targets
Target: invoice.exe
Size: 543KB
MD5: eaea515875cf1cd7e30d1e673bdf394d
SHA1: 81d2c5ad94b48db9f02d1f443d3e6b7df253708c
SHA256: 52d60767d2ff5516a17a6a2a429dd47fd2dafa69a778e1da6129c7f1dd3eeae4
SHA512: ffa46f06ed3c2d98d69d1df12169b2308fcb5c1e4ea5d15b67f12ef408081421fe9817be6baf0862d78f9b3f923c504226897bf89255ba592c394f0f12046ef1

Executes dropped EXE

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Loads dropped DLL

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext