General
Target: Doc10028.exe
Size: 2.4MB
Sample: 220816-q8n44acgg2
MD5: 2bd43ab6044247edd65f2d29f3540be7
SHA1: 892e34e6cabdeea13258d7e7e7e098a6820afbe2
SHA256: 2506cbaa56d9893a48a39a5d991f34da06122deb55efb3979a7629684d24ce78
SHA512: 3da26f98e66a15cdea0f223134eef790fe6ef6d8a602e5e6e169b347c056a660f7eb18e1adc85c5d269ae148b3722b179ce1cd00edf1b90b8ed989d723485dd3
SSDEEP: 49152:ASpt6A7Uxqy3DuxRRDBwiRih9BSUO2+54DnS06eTadHnvf:R6A7U8yTuxRIrrOh8SfX
Static task: static1
Behavioral task: behavioral1
  Sample: Doc10028.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: Doc10028.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted: blustealer
Protocol: smtp
Host: lotexh.shop
Port: 587
Username: jahfunds@lotexh.shop
Password: AmWcR;&S@thk
Targets
Target: Doc10028.exe
Size: 2.4MB
MD5: 2bd43ab6044247edd65f2d29f3540be7
SHA1: 892e34e6cabdeea13258d7e7e7e098a6820afbe2
SHA256: 2506cbaa56d9893a48a39a5d991f34da06122deb55efb3979a7629684d24ce78
SHA512: 3da26f98e66a15cdea0f223134eef790fe6ef6d8a602e5e6e169b347c056a660f7eb18e1adc85c5d269ae148b3722b179ce1cd00edf1b90b8ed989d723485dd3
SSDEEP: 49152:ASpt6A7Uxqy3DuxRRDBwiRih9BSUO2+54DnS06eTadHnvf:R6A7U8yTuxRIrrOh8SfX
Score: 10/10
Signatures:
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext