General
Target: Fattoruso Tech Srl RFQ.zip
Size: 441KB
Sample: 220930-qqyktaeegj
MD5: 8c0a772ecf8d1068df9328c63bd54021
SHA1: e354ef8e127848514518c3d37d3c677562810022
SHA256: 33c3a1918527945f7d2ede01a423b626a051ccfcbd8a6479f340af0fe34752bd
SHA512: 21f0e275ece24b2424b075d0eae7aa5b1b530cb806326189e88f764966080349f5becbfccc001607faea3526890f5c410925b9790e5ca762826265b6fa9fc854
SSDEEP: 12288:nIwsVwwLfZy9ITqJguNqIdRqv3iUd+ZCBNVrWbPkdh:nbsaOZX2J1OqU8ZCNruKh
Static task: static1
Behavioral task: behavioral1
Sample: Fattoruso Tech Srl RFQ.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted
Protocol: ftp
Host: ftp.lizaneya.com
Port: 21
Username: [email protected]
Password: @lizaneya.com
Targets
Target: Fattoruso Tech Srl RFQ.exe
Size: 620KB
MD5: 260f6e729e919bef46b9fde9584e62cf
SHA1: f9861fe9d82a7d8ac405b6a4adf8ebae60133692
SHA256: 021a0fc05ac41240f0388f147781324d51e1a31ce772a628d7ad9705aad3a8d4
SHA512: 6fd3caf7b08706ee8e24c60caf5d90d5a49091ebf362222fbdf4a40d8f20f0f658be318f67ca1f559ac9f5e56e5bfffff395e7b3f3f826a48d4f393016edadd6
SSDEEP: 12288:HToPWBv/cpGrU3yx3meidRqvZuyd+ZgBNV9W3PkdE:HTbBv5rUKm20y8ZgN94KE
Score: 10/10
Signatures:
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Drops file in System32 directory
- Suspicious use of SetThreadContext