General
-
Target
CORRECT INVOICE#202209.exe
-
Size
894KB
-
Sample
220921-hw3sqaffe4
-
MD5
c4459a3e0613837be0c1c55cefb37c59
-
SHA1
46cf99db96041a1617fea771eb648ed801de7e1b
-
SHA256
ed63484bf6e586590ef3cd03db258a28144f70dd1322c1cc5e08cc52654a1838
-
SHA512
c596a32983ed238a25802ead405d8f396adb0b1cbf520c61d655b8d19917970f9ae118ab2e6cd100b5eba0e33d32bbd527914034c7963ba3bc49dcc26699e4f6
-
SSDEEP
12288:E05aL148SMvCT7F01+CQ98LEzSioXHFQLkenL+xqEZW:p8lCHUQUEz9jnLoV
Static task
static1
Behavioral task
behavioral1
Sample
CORRECT INVOICE#202209.exe
Resource
win7-20220901-en
Malware Config
Targets
-
-
Target
CORRECT INVOICE#202209.exe
-
Async RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-