General
Target: thtqtg.z
Size: 243KB
Sample: 220916-przzlabeck
MD5: 85472d2cf09f107023d5ee19e2555513
SHA1: ac19a580b509fdc5780b1888059ebcbb0bc3e541
SHA256: 8be898c1eda1bf171b3de470b284cd60bd8f1d2ffa879339cbc7e044e26ee5d7
SHA512: a2e24c1df413d05aff297675059a1988f9bafd44cefbc00d2658d67b66677290a68970d74b457db53dbcd85f30a50b9c1743ccf77fd56a0357981599c01bca07
SSDEEP: 6144:hedxmqM+14R4GHaOtkq8oCA/57/aOdDjdqTaNE7EVTaYc:heH8OtARraEDjd2RW/c
Static task: static1
Behavioral task: behavioral1
Sample: Confirmation transfer MT103_pdf.js
Resource: win7-20220812-en
Malware Config
Extracted
formbook
q4k5
4222e.com
Targets
Target: Confirmation transfer MT103_pdf.js
Size: 353KB
MD5: 3e4abaeae68b400b3bb636286f0aafa7
SHA1: 46aeb3dada4871e84cb7eeed98e9e94e10ceab3b
SHA256: 34de6de1c42174a1529b1e2920c51b1efa300fff48902e5a8a3836817e12c25b
SHA512: 28e6ef967408193b99d4ce4faa8f15fb334ffbe178156d4ba2e7f7849b57a6fe5d82c34bce7e8ea56997a076931d36792793948f6ccbeef1f97f82616996a959
SSDEEP: 6144:tC5Lz6L8qNMaXlcWa+syZ3hL0sG6ZPmY4JGrx01gqyvCKaT80S2gGxC:tCtHa1cvVihL7GUSGKgzaRY0S2JxC
- Blocklisted process makes network request
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext