General
- Target: 40bbbba081d50d4f5662b2539d5622dca1bb4bc9e266b1caf7110bc6819aa649
- Size: 606KB
- Sample: 220708-r5legagfc8
- MD5: f78631aca9bd9ab5becfb068ee6825df
- SHA1: 3cc7c5dd9d19ce7f74874f49b24c29fe288ae2c8
- SHA256: 40bbbba081d50d4f5662b2539d5622dca1bb4bc9e266b1caf7110bc6819aa649
- SHA512: 246585388dbf4958e047deebbfc978e621f3da34f5e36f5a1cd34ccb2f264a4c47b4111a6e8c036ab3984ab55183058fc16904c12b13f0329cf483c5c17757e8
Static task: static1
Behavioral task: behavioral1
- Sample: 40bbbba081d50d4f5662b2539d5622dca1bb4bc9e266b1caf7110bc6819aa649.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: 40bbbba081d50d4f5662b2539d5622dca1bb4bc9e266b1caf7110bc6819aa649.exe
- Resource: win10v2004-20220414-en
Malware Config
Targets
- Target: 40bbbba081d50d4f5662b2539d5622dca1bb4bc9e266b1caf7110bc6819aa649
- Size: 606KB
- MD5: f78631aca9bd9ab5becfb068ee6825df
- SHA1: 3cc7c5dd9d19ce7f74874f49b24c29fe288ae2c8
- SHA256: 40bbbba081d50d4f5662b2539d5622dca1bb4bc9e266b1caf7110bc6819aa649
- SHA512: 246585388dbf4958e047deebbfc978e621f3da34f5e36f5a1cd34ccb2f264a4c47b4111a6e8c036ab3984ab55183058fc16904c12b13f0329cf483c5c17757e8
Score: 8/10
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext