General
Target: SecuriteInfo.com.Win32.PWSX-gen.15814.13814.exe
Size: 1.2MB
Sample: 221004-k7a8ysadd5
MD5: 6aa5f75d805cdd7f85f0d2557baad857
SHA1: 6624b51ae972cbe99903c897c9664c72369782f3
SHA256: fe084e5fcd96061325aafd4528aedf59f3385a5c1bbf9daf3337ba1cabf4488f
SHA512: 0862f8dcfd782f0ecf30b57c12c00b19b20a5f31665a9bfeaf1263048030e91fdb9fd01af8ef76c35f3121785724ff1151692636d3eb7fbacc22665d2aa116c8
SSDEEP: 12288:FftjvJ4/XAISq1kmsoPIPDzRJp5urond09qRdQEQR150nZsLVvhoQtckql6AK4HQ:FSK5JoPIF5DndcSdVa15JRyQt
Static task: static1
Behavioral task: behavioral1
Sample: SecuriteInfo.com.Win32.PWSX-gen.15814.13814.exe
Resource: win7-20220901-en
Malware Config
Extracted family: formbook
fofg
FHyydxpFBs0S8b4ZlP7ZEtd/
EVaCEKb/cVV9xQ==
U9I5lke0IuU7vj5EXus=
rXD3AKPV3qUblOUsV41KMfU=
PwBSy5z56XNzIvnS3ygsKv0=
CQe1BLbSnGXX
HuhKjxhLhxqBy2FFz8WoFA==
QJymezEoLOFZ1T5EXus=
V8r5PAdwuGK2AUARohas
b1XV06ANH9s5uj5EXus=
3EiEhwo7Euw2tl8=
c2PjK8Izkydy5N8x
CXCkYf0m/qPrv8QajKyT6Oo=
pHjy+Mk0CqvWBXdCz8WoFA==
QjSwr3/j5rAyvz5EXus=
+edxANg/sU+k8YFQz8WoFA==
tWiQq3rqyl6cTAG9pA==
GeAyMQxBUOlDwD5EXus=
nQ5eoT2mEKkhDN2DwBek
JP5dIbHlrXXR8umDwBek
BMT8B9n1OyBvqL+WUSgsKv0=
RSeJYDyteizAdQbSCyHeYCCMZL1A
NOgCENlCLthl5TV9YsWpTzHAdjCmUw==
s2npDaPJBhAdm10=
TXr1YfxiKOkqcgfcHV092XmTHA==
aTXN1nHe/gVFvD5EXus=
TS+nK+9V4pW+9cko
GuBk6sExhxNLr7wYhPbZEtd/
oHWjdWHDv228J/jg0q6xYvzLcxRiMhI=
z6pB06UWdBZHuj5EXus=
nZ7gYT4zv3fY
gXHxw16/sjbOAABSuAnZEtd/
m2asNcPsiDe3I27NxByg2XmTHA==
leg4fQ1h3ZG+9cko
AmB4B64SvFJ6t1G2z8WoFA==
7agWYtMw0Wu2yptkrA==
yzl7iRI/QhdFiRV+eQXh2qsEinZosxo=
gcntJ8YrjSVy5N8x
hmi6U/JgAY/CyptkrA==
/2edLM81848QdjaiqyLu051h
57A/tEumUOZ3Nc6c3Q/aQx8Hiq38AvyPxw==
qI77ulvxShNayD5EXus=
IPA6VOUd6xAdm10=
6LAL4bkhuGHG5+WDwBek
06pAU/Af78kc13PYvx2l2XmTHA==
LhRuu47pEuACWUo=
98ue7uq/cVV9xQ==
Vxxkh13O3ZwXwlcqp5L/6OM=
XhYUTkQR6hAdm10=
RQE/ijRllTFI8umlUSgsKv0=
+2bIH8U2olR6PVYuAlnzaCaMZL1A
BMQ9MRDgCcoYGZlxF2gFHXp1
fmrbKPeT/LD1azf/CIEZLeKVCw==
ajSLMtRD25W+9cko
8LTyD9cHcVV9xQ==
mFi1hCWOhw5Huj5EXus=
FXSUHb8h45vFyptkrA==
lWmcMf1mwF2BLzwh/FncUzfPgHZosxo=
guwbCaTRfBKGAXWKUHUf+e90detZ
QhxpJrXlmzdKeRDrnCjfixcSwulI
Thag+Y/veDtRAOqDwBek
Z0Wp7pLMCBAdm10=
bT9HyWnOXhWYztVF4moy2XmTHA==
kXbZHKvU/Iq+9cko
richardcrebeck.com
Targets
Target: SecuriteInfo.com.Win32.PWSX-gen.15814.13814.exe
Signatures
- Xloader payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Suspicious use of SetThreadContext