General

Target: Revised_INVOICE#33.exe
Size: 539KB
Sample: 220925-l2sfqaebh7
MD5: 346a2aaa5fdfea36087768373fa25765
SHA1: 4357033767b9d23d355985d9af643d3bd4a3033f
SHA256: 8d00d02dd0069f5c8d5b73b989db59a5a8a22a646c828d08aa1a48f1c1a11450
SHA512: 91a942798edd2045831fbc5426bc1d3e3b7ad76a6692019777f116744c133f53873204382b8c87c22374d003ecfc23b790681bab56865628a92bc1b4c33306e6
SSDEEP: 12288:/jz5SUiI/xltnqjpsP4T1+sAeWI8Wak3xXwR9I:355iI5lBqV8W1+sAeZ8EwR9I

Static task: static1

Behavioral task: behavioral1
Sample: Revised_INVOICE#33.exe
Resource: win7-20220812-en

Malware Config
Targets
Async RAT payload

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Suspicious use of SetThreadContext