General
-
Target
Oferta_DGERRJGHJFDFJ60302000000000000000000000000000.exe
-
Size
559KB
-
Sample
220928-r88zyagca7
-
MD5
6de757042d9f2e530d7fb649625ef961
-
SHA1
88f6612dae4ad693f57dbe2b86000781e3e16087
-
SHA256
8b9d203307ae4697cbecd2064aeadc745c280d25d849db7d379a8d50376fde0c
-
SHA512
302746e6dc2515d4b4a40c8be3ad101206304d84b26f6166704bbc06fddad41a57130d4ec92dbcafc68c23e4f6afff9d38b6dfbb8f5d3f9cf149d6b52968d347
-
SSDEEP
12288:HToPWBv/cpGrU3yxlfmoU5V2INX6ZaK5zuF:HTbBv5rUsfmoWV2i655aF
Static task
static1
Behavioral task
behavioral1
Sample
Oferta_DGERRJGHJFDFJ60302000000000000000000000000000.exe
Resource
win7-20220812-en
Malware Config
Extracted
formbook
f4ca
mettafizzix.org
Targets
-
-
Target
Oferta_DGERRJGHJFDFJ60302000000000000000000000000000.exe
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-