General
-
Target
SecuriteInfo.com.Win32.PWSX-gen.8811
-
Size
461KB
-
Sample
220928-j4e73agebm
-
MD5
967c83d3b836283648ededfd6deccbb2
-
SHA1
05d0066d85b7a3396f0ba3aa3860b4b188706df4
-
SHA256
364f5cfc6c99c0b408090af7528505844b1b33853c5ea7930420d8f11b4ca011
-
SHA512
2db5a17e6130c9c0746b1d0f8d8cc34352c3d01e02de02468de4d818808fd7a8357bf95e3e0184bb4997d599342cd7d21190f1b427cb6ad525690b2ec4389085
-
SSDEEP
6144:erJQS6I+8yxiQQ7i7w1vWwk1agfIHDK+C0nY8kEaRMva+:erJQS6I+8yxiQQ7ZoH1acaHdY/EaRMv
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Win32.PWSX-gen.exe
Resource
win7-20220812-en
Malware Config
Extracted
formbook
i3tw
016XYOaa546POq6CaRVpEfQ=
6WCLUcRz6K7qTqIK
bIa/9uWTepQa6eQd
32urdxWXgrknUIeDYktb
EojfLVA0GyB2mYgMgzdT
jFbHYJhPwpebnHjAY0pZ
gxSusEwA30uVtrErCrQ=
EeJOmOn63OaCHIw=
r3K0jTvKtOR4EV3q1dOdHgYVCLVG
6LEakplWzoSSLXZH3t6XDQ==
MThmlLavncxvAo1f3t6XDQ==
SqUmLs+BeJfa69kp7qSmIfuU5K3ZMg==
GuIYfF0o7zGPJY4=
AEd4Wd7JRsdzBX9dPgO7KNJY6NX2Sga4
E1SDU8MxGoZaPFgn9w==
cIq96QyWC/k1XDBRTR9FQOaLosd4Og==
/zRZMuaxmZnX291wZQCXhiq1his=
+47IMmwvk2jyx7MA
IGKz6DH4iraNLQ==
Kh1gHpxbw0MDkwSyaOqjKgTlK69R
us77JxjUuzGPJY4=
bC983vu5Hwnh+eoR
pdfCGZchzH+9Hs68nxRbFgDlK69R
kabYE/2zj2ZdPFgn9w==
BhI+iLy0k5Ua6eQd
4V2vpLCkyb4P
rrEyqp4Mg5Ea6eQd
Nkifp0P/Keo6V0XAY0pZ
az5/L7xt0pDaQZJM/w==
d6XhCTP7iraNLQ==
NwNOCK2nJsCCGWr12NCcXhDgGQ==
0pkGiLBz2bwcNxlnOAC/LATlK69R
4qjJEQCekQDIZbYuonWNGg==
5dNGyOCRCPY2SUXAY0pZ
ssRR9ScjBPgqzUtN3t6XDQ==
GrIxF6RjVYMEGR+7evq5ojzSjCE=
maw32ybYViMzNRVxQRs1XhDgGQ==
WGCaofq039IX
/0SJ2fdj5e94WyMyCYtR
5TJ3VOyYj9pid07AY0pZ
cW/ihZsFcIgPmkOJS7w=
9Ey+siSOdAoNpBkvA3bCf1/MiiE=
Z7CgpQK45+cd
lGbek8rHuzGPJY4=
WhFRKdfJO+0PKhsL9m70cWqJF8BtLt4=
3+Bh1+BkxpqluJymfUhlXhDgGQ==
avd0XfqiiOTB08oQ2FhO
5kDA0jzlUuzJXNfq338j07tm5K3ZMg==
eoy5AQ7Hui3/pEOJS7w=
icr0JUe9M2IyFvEf
3fEpdW0rGRtOXUuHdmAYifnIjyk=
ioD7d4w3qWlcPFgn9w==
EyRVl3we8e8vSzyUcRCiH71nlT4=
vspQsfo7iraNLQ==
OQBpBj7RNyNkhm5vWRAs7pw3P5D1v9ie1w==
6/IbWEX41ex/I4gb/oDSm3sKmyE=
o0nAsSICeScgw3sB1FwjBQ==
3BpuXQPBrDGPJY4=
AZXGKFwRdR8rRio33t6XDQ==
sUTT0UGjo11oGZp3QQc1XhDgGQ==
Omyf5wuZ/q7B3csQ2FhO
JjRksfirIvz9nR9xRrY=
3POP/+9y3dMTvRHrzWcHwizNEw==
/RA5X31zbnKiwq6+sVb8hXAVE/LesM8=
voaguria.com
Extracted
xloader
3.8
i3tw
016XYOaa546POq6CaRVpEfQ=
6WCLUcRz6K7qTqIK
bIa/9uWTepQa6eQd
32urdxWXgrknUIeDYktb
EojfLVA0GyB2mYgMgzdT
jFbHYJhPwpebnHjAY0pZ
gxSusEwA30uVtrErCrQ=
EeJOmOn63OaCHIw=
r3K0jTvKtOR4EV3q1dOdHgYVCLVG
6LEakplWzoSSLXZH3t6XDQ==
MThmlLavncxvAo1f3t6XDQ==
SqUmLs+BeJfa69kp7qSmIfuU5K3ZMg==
GuIYfF0o7zGPJY4=
AEd4Wd7JRsdzBX9dPgO7KNJY6NX2Sga4
E1SDU8MxGoZaPFgn9w==
cIq96QyWC/k1XDBRTR9FQOaLosd4Og==
/zRZMuaxmZnX291wZQCXhiq1his=
+47IMmwvk2jyx7MA
IGKz6DH4iraNLQ==
Kh1gHpxbw0MDkwSyaOqjKgTlK69R
us77JxjUuzGPJY4=
bC983vu5Hwnh+eoR
pdfCGZchzH+9Hs68nxRbFgDlK69R
kabYE/2zj2ZdPFgn9w==
BhI+iLy0k5Ua6eQd
4V2vpLCkyb4P
rrEyqp4Mg5Ea6eQd
Nkifp0P/Keo6V0XAY0pZ
az5/L7xt0pDaQZJM/w==
d6XhCTP7iraNLQ==
NwNOCK2nJsCCGWr12NCcXhDgGQ==
0pkGiLBz2bwcNxlnOAC/LATlK69R
4qjJEQCekQDIZbYuonWNGg==
5dNGyOCRCPY2SUXAY0pZ
ssRR9ScjBPgqzUtN3t6XDQ==
GrIxF6RjVYMEGR+7evq5ojzSjCE=
maw32ybYViMzNRVxQRs1XhDgGQ==
WGCaofq039IX
/0SJ2fdj5e94WyMyCYtR
5TJ3VOyYj9pid07AY0pZ
cW/ihZsFcIgPmkOJS7w=
9Ey+siSOdAoNpBkvA3bCf1/MiiE=
Z7CgpQK45+cd
lGbek8rHuzGPJY4=
WhFRKdfJO+0PKhsL9m70cWqJF8BtLt4=
3+Bh1+BkxpqluJymfUhlXhDgGQ==
avd0XfqiiOTB08oQ2FhO
5kDA0jzlUuzJXNfq338j07tm5K3ZMg==
eoy5AQ7Hui3/pEOJS7w=
icr0JUe9M2IyFvEf
3fEpdW0rGRtOXUuHdmAYifnIjyk=
ioD7d4w3qWlcPFgn9w==
EyRVl3we8e8vSzyUcRCiH71nlT4=
vspQsfo7iraNLQ==
OQBpBj7RNyNkhm5vWRAs7pw3P5D1v9ie1w==
6/IbWEX41ex/I4gb/oDSm3sKmyE=
o0nAsSICeScgw3sB1FwjBQ==
3BpuXQPBrDGPJY4=
AZXGKFwRdR8rRio33t6XDQ==
sUTT0UGjo11oGZp3QQc1XhDgGQ==
Omyf5wuZ/q7B3csQ2FhO
JjRksfirIvz9nR9xRrY=
3POP/+9y3dMTvRHrzWcHwizNEw==
/RA5X31zbnKiwq6+sVb8hXAVE/LesM8=
voaguria.com
Targets
-
-
Target
SecuriteInfo.com.Win32.PWSX-gen.8811
-
Size
461KB
-
MD5
967c83d3b836283648ededfd6deccbb2
-
SHA1
05d0066d85b7a3396f0ba3aa3860b4b188706df4
-
SHA256
364f5cfc6c99c0b408090af7528505844b1b33853c5ea7930420d8f11b4ca011
-
SHA512
2db5a17e6130c9c0746b1d0f8d8cc34352c3d01e02de02468de4d818808fd7a8357bf95e3e0184bb4997d599342cd7d21190f1b427cb6ad525690b2ec4389085
-
SSDEEP
6144:erJQS6I+8yxiQQ7i7w1vWwk1agfIHDK+C0nY8kEaRMva+:erJQS6I+8yxiQQ7ZoH1acaHdY/EaRMv
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-