General
-
Target
DOC20220913-56789098765560.exe
-
Size
866KB
-
Sample
220919-dxf8wsabbl
-
MD5
76a90279d9751835bfe078be3d90f819
-
SHA1
158ecb15776a0a00da5b10a816277a56adc3aa0a
-
SHA256
46cebe7371374cfb5e81001a02ea876e69e8ce2605e6c6afa99de8ccb937abb9
-
SHA512
08c1e08e37d06aa779cec47eb4a1f241d35fc5e59fcf03825bcc836a66f00afe40bbf337750edef72941f51c3bbfd127d73f12df876a7c949a4f7fb1725b6909
-
SSDEEP
12288:i4xAkdUsXuJ5lZ7vgQOzCLYYhBmO9P/3v4+glMVxd:VVdUTUQOzANwO9Hf4
Static task
static1
Behavioral task
behavioral1
Sample
DOC20220913-56789098765560.exe
Resource
win7-20220901-en
Malware Config
Extracted
formbook
c1no
SKHcqi+am5xGsHiCoXnH
BObxRpdRlNT5GCo3Eg8azNIQ
GPkN2SZ9gJOYqn4iaNIH6d1MRlk=
ZrdQ6Q4zd05LBFWPDc8=
KYQZEtvg85sq1t9jd7kazNIQ
KWu2/CZdnIFgf0p8
YlJ9mWmf+XkCjxzXSw==
nPeaENkZPzjWSh5DJiBVhlrTSx9V
GfUN8rKft59DsH2CoXnH
5ThnVCgjBm96jxzXSw==
pfb0D48Mk38v
uK6V0h16ziJXZuQ3NR8asKzT2Q==
QaxeYCJXoHFvKesgBSozIyC6bkTR8rbF
QT12wt/a0nsdrbY/oSGKqcq2wQ==
vfuiENwZZrvruTm5lHDF
iNsQyVnb3NHbtXyCoXnH
9jjn4jP8RyrjBYwNPvtfPg==
Wz1uwtUpdbrpwZXZq5HpXV7TSx9V
e9+RDvTx9HSZej/7PvtfPg==
oAeNwswNS6QgtnOdmcc=
qPubLUVHnOVnrg==
5hJj3x7DBmd7jxzXSw==
UJPc9LGnoAkXANI6tm/Q
AEuW4O/a+50iqzbmTQ==
zBtaGow/nqJDqD8o99ARRpY=
lvVy19o2FG5RbnI=
C+Mjuwiv9D38YjFlKlDxbWjTSx9V
EGubVd1LTkbdRNVPEzrP
N50fT05CnOVnrg==
KwYs8G/W6/uqC1DKQQ==
GFmHQM49XbHM2bRgzkGXqcq2wQ==
6ccOQNIwJxy1N0aCoXnH
QwoOaEt9su8HvXiCoXnH
hON/kiKJdadvQRQ5vYqtBI/Sh1E=
JGudBVkGfnujw8zRpsc=
DHAN9KmqplIDRg7NHtfRAY/Sh1E=
ugtLD50RHi3ap2TdSA==
sv8ZdLAjTJCpYO/ZTNARRpY=
BVPqCaFmwbZLyJndw57aPiss/NU9Zg==
In8wuf5zZl1ailWPDc8=
MHO6dBG7C2WDl1WPDc8=
5T97jQThPgkR5H4=
txScCkbBqZg1rH2CoXnH
VqP4PVVedxRNo25u/M0=
kt1nfiHFBWmSlKCQSmlupPSTQzpf
Q6pfESIJFHV0ekl/8MU=
W6v5CQA/FW5RbnI=
qA/HpzO2t6JB1+xLGAAazNIQ
LhI5pgG1BU1iiFWPDc8=
l42eVNJBRDM3ENwC9woazNIQ
eV5oGYwMk38v
DGILBVIJd5VP29dfyjuEuqGtbjMGkYXQHA==
sRdbmrbhGtN3rC+pwRONbN/IxlnLswMRFA==
twSnE+Mjg3oUTiBl
NosU+T2QjZyXm1WPDc8=
1TBn3TWymYsceDt3aLs4EtKbDIn2AsnF
4x5ht83A0Fx3jxzXSw==
0bnTtIWxGSgUTiBl
Oxc26HoHPXh8jJmR9E2zpC8t/NU9Zg==
UJwXuNYZSX+CklWPDc8=
zy1cD5Nys5RApmS1vQ2Vqcq2wQ==
Bd/1wxjHHSgUTiBl
KIQZq6PLHaPT09biuNHG+I/Sh1E=
f9gJPU9ERcTWvpNEsTKTqcq2wQ==
frankrijk-stijlvol.online
Targets
-
-
Target
DOC20220913-56789098765560.exe
-
Size
866KB
-
MD5
76a90279d9751835bfe078be3d90f819
-
SHA1
158ecb15776a0a00da5b10a816277a56adc3aa0a
-
SHA256
46cebe7371374cfb5e81001a02ea876e69e8ce2605e6c6afa99de8ccb937abb9
-
SHA512
08c1e08e37d06aa779cec47eb4a1f241d35fc5e59fcf03825bcc836a66f00afe40bbf337750edef72941f51c3bbfd127d73f12df876a7c949a4f7fb1725b6909
-
SSDEEP
12288:i4xAkdUsXuJ5lZ7vgQOzCLYYhBmO9P/3v4+glMVxd:VVdUTUQOzANwO9Hf4
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-