General
Target: RLOI JS01-2pdf.exe
Size: 371KB
Sample: 221003-lg2hwshdbm
MD5: f01b2bb2e92cd7e511d5b30bd09decac
SHA1: bd15c817b686c0296b38422551759e9bb4a0f6fc
SHA256: 16bafc095597c2a0de4683bf79e757cf460a6a783acab20c97efa71b323c0100
SHA512: 68fbaec7ad4abe2b8e3cd11f41fa1ecc004eadb1106f26ed75cc73a2b1ee20e5f7c8057a859915d0a71b84c32715507f69045fc8dc23673fe0401a25068eb446
SSDEEP: 6144:lTouKrWBEu3/Z2lpGDHU3ykJ1tC/H3f1NsjEXL2eDAFoH:lToPWBv/cpGrU3y8tG4jEXLHDAFy
Static task: static1
Behavioral task: behavioral1
Sample: RLOI JS01-2pdf.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: RLOI JS01-2pdf.exe
Resource: win10v2004-20220901-en
Malware Config
Targets
Target: RLOI JS01-2pdf.exe
Score: 10/10
Executes dropped EXE
Checks computer location settings
    Looks up country code configured in the registry, likely geofence.
Loads dropped DLL
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext