General
Target: bcf7d54e905d4fbe92edfb185bf73f3c849aa383cc1a0e25b67c9c4292a141a7
Size: 1.0MB
Sample: 221003-a36h7ahdf5
MD5: 788b37226d3f0a126a24396a0d4c90e4
SHA1: e6cf3e41c10e7dbbf9aba2a9c661124b794c0068
SHA256: bcf7d54e905d4fbe92edfb185bf73f3c849aa383cc1a0e25b67c9c4292a141a7
SHA512: 4eef2460a5c21c1b7452dfeb5dfeb1a96fb2e48e69d01d0d8697b24884581d77f63eb7e2cd5ff743bbd6abef8ccd7adef20eda199c5dbb91448973f490dbfad5
SSDEEP: 24576:9BxT7o15hf9CMU07DKiWMNT8e7EloFmGzHaI49CpV:9LTslUMF7DsCEljGv4wL
Static task: static1
Behavioral task: behavioral1
Sample: bcf7d54e905d4fbe92edfb185bf73f3c849aa383cc1a0e25b67c9c4292a141a7.exe
Resource: win7-20220812-en
Malware Config
Targets
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-