General
Target: 27.FICH_33O3LcBJBPsZDE6v.zip
Size: 310KB
Sample: 220623-r866cagch3
MD5: 982582d0a8e8af228db9621147dd3c8c
SHA1: 3eacb43865475d56bdd1f8f98e37484ad2b1e2b4
SHA256: f961ab990bb222718ec6602a854dd7395926f0813028799b7f367aec91382c57
SHA512: 889ab186dbb53a3867a6ce794204de62e23948cda27d93b068fb70824933cc6a32417d87833128096f104084c322fdcde8abd4dccf67341ebf53b2f35b502fa2
Static task: static1
Behavioral task: behavioral1
Sample: 27.FICH_33O3LcBJBPsZDE6v.vbs
Resource: win7-20220414-es
Behavioral task: behavioral2
Sample: 27.FICH_33O3LcBJBPsZDE6v.vbs
Resource: win10v2004-20220414-es
Behavioral task: behavioral3
Sample: _.exe
Resource: win7-20220414-es
Malware Config
Targets
Target: 27.FICH_33O3LcBJBPsZDE6v.vbs
Size: 7KB
MD5: 25926cb2b53f3be53b0999621d1f1ccf
SHA1: 9a073d7bd4b2f730f157f4612551504d16607256
SHA256: 665b376283df9d5e962860cc1d6cc2ec05157afff65d44b6d9ff64d8b6393941
SHA512: 8542f4c0815e8f161c4dc2151252454fc2dcc86da0a3160724f54d702d3ea99805be006d5bfdde65f68f3aba6556892d735515824a3fdf24f9de0dd05dc469bd
Score: 8/10
Blocklisted process makes network request
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Target: _
Size: 325KB
MD5: 04704493bcdc4d0c1c9d0fd8ebf5afbc
SHA1: 95d64b037a8d0c5d8318a7c1429d89529ac5c766
SHA256: 28225c5622637cdaed8342e14560e8de7b53dd6ba145d973643fc4b5bdd67b75
SHA512: ed06b9f7931326ff6923b65e95db45931b21995aa8b52eb26f578017e5b60bee7139251bc3fedc65fc7becb7e1d7d4dfdaa17361d01d8d36ebd770c9142c5c8d
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL