General
-
Target
tmp
-
Size
62KB
-
Sample
220912-fe5jwacfc2
-
MD5
372c389955436b05a3e27c628f2f3dd6
-
SHA1
9b0e47953cfc4e4b314123966591cd72b3531426
-
SHA256
1584b24459df523db2d980cb45d3f3c4f010ed2c5b7f79312faad51ab3ee2abc
-
SHA512
8b9b41953739028ab668e39a95c974df6e0132fa6d85c29b1fcefcbc9c25b02ffcd1eb71c7a6a4814c5a624a99c279b752b705d286933bb71f798f37e706a40c
-
SSDEEP
1536:LjO/wOIXQFwWyE2IIq6KwTypLwCV/Gg3xLFrHtDGGZu:djXCwMIqnwTypLZ/PxrHtDpu
Static task
static1
Behavioral task
behavioral1
Sample
tmp.exe
Resource
win7-20220812-en
Malware Config
Extracted
systembc
31.41.244.183:4257
194.36.177.46:4257
Targets
-
-
Target
tmp
-
Size
62KB
-
MD5
372c389955436b05a3e27c628f2f3dd6
-
SHA1
9b0e47953cfc4e4b314123966591cd72b3531426
-
SHA256
1584b24459df523db2d980cb45d3f3c4f010ed2c5b7f79312faad51ab3ee2abc
-
SHA512
8b9b41953739028ab668e39a95c974df6e0132fa6d85c29b1fcefcbc9c25b02ffcd1eb71c7a6a4814c5a624a99c279b752b705d286933bb71f798f37e706a40c
-
SSDEEP
1536:LjO/wOIXQFwWyE2IIq6KwTypLwCV/Gg3xLFrHtDGGZu:djXCwMIqnwTypLZ/PxrHtDpu
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-