General
-
Target
Bill_for_September.js.zip
-
Size
74KB
-
Sample
220921-1z91bacfhl
-
MD5
3494fc2f6b4202b14ceda6405307950a
-
SHA1
fdd2c7d1f07ff74450810910b28cdf035a9e6386
-
SHA256
8f9470bd79fd7d046bd36e69684507151ce3120423dddb89c53574133282ef79
-
SHA512
4f64b17720b23f96b2d84cfc7d076bc1223f5ebee2c852c9fb501a613feaf5f7a21229be912e8174a57a78bbed456210e0f444e8428e6b894e77622d25ea3634
-
SSDEEP
1536:7ofZa7JWYz61RsUJ0sKCdNugdvcXYnJ0AYzyJ:KZKzSWT5ctcX+hWyJ
Static task
static1
Malware Config
Extracted
formbook
te2r
Fd9/7zupFcFsmNMDWQ==
7VlRReDWtbu4LUTd5fNe/zPDyw==
jQgurOY8oCSzrjSP+2/F1jU=
xTMzpNwUaiHAy4+Anaz1
RcLapxVS9iOZhw==
lfLSnVItJp+5ImXLvcrLFTUXRmDxTnik
vj9fMOxFLjrOtdhP1GZo0KXIQ388
/91mgBbtxFIxtQk=
4FZ0aRyH/rEdFibAy+VjQyWIUIZaHBQ=
ScHdt3/t4FIxtQk=
/M9svqdL9iOZhw==
iFX1abANxkj893bVWA==
KzjvVANMpiTBmg==
aEKKEue7E9JtmNMDWQ==
+Mdhw6992svnUbzeo5y0zSn+B2co
albc98wrE0xtKjOoOOQ=
DV6CgU6omcjeZ6bJEG/F1jU=
NH981rm1JdyUNRd1
yi0xIqrxV83bmNMDWQ==
v8l52aXp4VIxtQk=
WMLesyFk2GDrymHL6sJhSA==
mwPvLC+p9iOZhw==
sRcXd1s8v+8ZeG/MtdpqB8uqeVfTxWqJgA==
NrXLmPbOmdX7f7oO2+HlKBajNSM=
rA4qraHeGwuv
81Vavo7TvrmUNRd1
6zFRRxZbN3eOC4Hr/tbSAmYB
NZ20hOzkzFIxtQk=
4W5EBEiJ/efwW2CAnaz1
jvkGKZ7zYuVfhLMOmEQgQA==
n40TaKr5UdZhmNMDWQ==
QL3juFq3IR6LgQ==
ovf90FAiAW3yz0Op6sJhSA==
6dF92/I1XmyZCQxr
pqRGRv1Rfm+K3wY=
ziAsyBFi9iOZhw==
j/n54WNFS/ujqXbX6sJhSA==
uBkjoeEzjwWGVsU+u1ku/zPDyw==
Ani5vYjvBambKG6rJLhY/zPDyw==
bewGzHnhwLTDLE+1kLrcJRajNSM=
Z7W1bBp0c6WV8SJFWjIzlT0=
1lZ79TmoGbM5AakYEza8lVG3hCW40A==
69WD6MoYDTxPzSiZELCTchajNSM=
QkTq40YlGuHCQ8H3Tddh/zPDyw==
XjK6Kjgdi4EUFlG6kKTIJRajNSM=
o/0L0WnZUQwEis1i
l51TzuC8OmWF8kZbKF4kQA==
pvUA6lqaFcVbWC2nwdvkciMJ
qPv9bbUJYOMYapyxk6/9
WiWSlWa+q9bHStE9wmAu/zPDyw==
+Op+6vPJLmbVxmPGUQ==
cjzGJW/JPy3ftZT1u9dd/zPDyw==
aseyfK4eDFIxtQk=
8uikGFKVGmLmwx4=
UZ2tszMF83SrDTxrgn2zXw==
LkLuU1I9trBxN5uA+qri
cvkoGOM9Gxivj3rgt+Jy/6KzTYDG1g==
qqdGxb3/ATVGjH28oW/F1jU=
E1lmbvY2kxZDodQ3KkV52EnisfrxTnik
EVpoA7vkSf+jqXbX6sJhSA==
/E5pOdTcxTFIksP9X9xm/zPDyw==
Mf2d+QmwiFgEis1i
A/2zGEmV7Z4/QFdu0W/F1jU=
Kn+6hS0A7PeUNRd1
riskstudio.uk
Targets
-
-
Target
Bill_for_September.js
-
Size
117KB
-
MD5
0d4ce6bd62a6939871782dbf6dc33905
-
SHA1
c59f4f36d9b46b8e4c131401fa4054f50450e245
-
SHA256
4fcdcb3039331525724bfeb0cbc97bd0893de48d4aa4ca95e282f0a8f2a1a5ab
-
SHA512
07b7f3d7cb81a48c90f21bfdf22b0f6cb3941631ab14d05004b813f031d0c5b41538818e4b8c15b83081f48f522adce9b3e01d9f43cf3d202d142f0ea806aff1
-
SSDEEP
1536:LfgQ2U241TiKP3/qopoIo8kQjZs1BGMLOivlSPPQh7l1GCVbabMOijrkJpQt:BVxiufpoTnBzK7cvhaoNr1t
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-