General
- Target: 5b76d300f910dc3a2f6687e5e104fff1e78f637894f5516a7e28054145c5a265
- Size: 3.2MB
- Sample: 220801-v9wmsafdd7
- MD5: 5687085673a9d92c724dcadc69468181
- SHA1: e35f1aaccabdc6ba6a71c2e426fedf7fecd00e5a
- SHA256: 5b76d300f910dc3a2f6687e5e104fff1e78f637894f5516a7e28054145c5a265
- SHA512: 6639f671e2b53fc19602428ad0163a4d9609e3c47b5f6bf0aed6a8c4dbcb3263eefa606690305cbc3312ccab1ac8d3d7963eed00848b1648332ba598b9839ef8
Static task: static1
Behavioral task: behavioral1
- Sample: 5b76d300f910dc3a2f6687e5e104fff1e78f637894f5516a7e28054145c5a265.exe
- Resource: win7-20220718-en
Behavioral task: behavioral2
- Sample: 5b76d300f910dc3a2f6687e5e104fff1e78f637894f5516a7e28054145c5a265.exe
- Resource: win10v2004-20220722-en
Malware Config
Targets
- Target: 5b76d300f910dc3a2f6687e5e104fff1e78f637894f5516a7e28054145c5a265
- Size: 3.2MB
- MD5: 5687085673a9d92c724dcadc69468181
- SHA1: e35f1aaccabdc6ba6a71c2e426fedf7fecd00e5a
- SHA256: 5b76d300f910dc3a2f6687e5e104fff1e78f637894f5516a7e28054145c5a265
- SHA512: 6639f671e2b53fc19602428ad0163a4d9609e3c47b5f6bf0aed6a8c4dbcb3263eefa606690305cbc3312ccab1ac8d3d7963eed00848b1648332ba598b9839ef8
- Modifies WinLogon for persistence
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Drops desktop.ini file(s)
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext