General
-
Target
Order Specification-887762.exe
-
Size
742KB
-
Sample
221003-hsnjmacda9
-
MD5
03c2f941af8cede493cd177fbe9cea96
-
SHA1
f811f24a5bb048e5aaec2e7456bb6597c2408359
-
SHA256
10df8c533f48189e56d16dd5d04d838f592cfe8d6c1690fe29454ec308c6e12b
-
SHA512
2a71ef2dd5bfdad6a167a9b1c735e256cd6775614fe672e3e18a858fad87542b6c136383d5aff0d95739a496fb94d9b0ccf70cfa4903d8b5e81550628fe53b0c
-
SSDEEP
12288:1Ov5jKhsfoPA+yeVKUCUxP4C902bdRtJJPi+FqA/vJ1saEauZDa+:1q5TfcdHj4fmbv9VEzNr
Behavioral task
behavioral1
Sample
Order Specification-887762.exe
Resource
win7-20220812-en
Malware Config
Extracted
formbook
qghw
heartofoslo.com
Targets
-
-
Target
Order Specification-887762.exe
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-