General
Target: e30b884ac78c7ac7ac35da00c367fb2b
Size: 899KB
Sample: 221004-x15v7scab6
MD5: e30b884ac78c7ac7ac35da00c367fb2b
SHA1: 742be2957bcd94a6061c3077f0339027f4849478
SHA256: 8952f3614c3e5762a461e1b1b133d8e9c201a1863e61fade4f0aba5354ef5dc9
SHA512: 4197425f9a4b48aabcd25d00d419cadac1c9eb9770144c65ff6fb31fd0c88a214e781f83574c4c18402a41decf9889383d863078d1354474b3e52f592a9ebb8a
SSDEEP: 12288:ksafC4AySMa9QlE43drbz+MIFXWx1bWLPVqrZXJT2BU59vJ:8iySPEbdHzD2bViZXJTHR
Static task: static1
Behavioral task: behavioral1
Sample: Scan_Pictures.exe
Resource: win7-20220901-en
Malware Config
Extracted
Family: formbook
Campaign ID: hzb3
Encoded entries (listed by the extractor as-is; these are not plaintext domains):
BVGWUXYpaaEaNSjsCHhJnDJz463cqQ==
CEqdZb0KaOLLbWqrDVTgc20=
nBv0jSFiQHxtE6awQnm2
E1sGpCJYtB8ImaguUyF6yQ==
PMBND7LzJGZH7CXulclbs2c=
u9zzlFGDXo6LLbGwQnm2
SaJjLbtVlMgsP5ZQRj4=
wckwEbwBbKA2X3g=
rPxB8ePUxfu4pilu
S562QFeKY5P//qawQnm2
BkEfWXZuY3ihKW8=
ZanakqMxkP7VdNfWdD4FGDqF
PYYbtzdINC1J0OYzQCk=
Fmg9LBxaPQ==
4eXWfoC06yGAkQ0l+Txs2w==
n68j2X6+CIhsD5GiCMYBsHI=
hRv6hpW3qfLbdI1XJ/J825G1TslJ+1JE
X6PAVGfwPHihKW8=
7zn1tkuDaZ2FKbGwQnm2
lB0m5ghWsSmMpIUS8EBM31l/463cqQ==
l9+AFK8Njc9C
RHkS2TSQ5mg=
+5d2+2EBePdmgUC4juLwhAozwBpJ+1JE
2CDJYHKCU33wHDf71wJasmU=
nOqcQcJNpQHtbLWtBk6B2BKC3nGu
5DrpfemL/GBR0+YzQCk=
1WBB2lWMbJaEFGVBEOhyzUGmO/wE8VVM
j6alTVV9wEa5160IUpLQ4wGC3nGu
4mh8GB+9K6OACTgF3wJasmU=
IDAKqyiqloA2Vyh7
O5Hjrs4LFfldbw==
U23Oc3SokdECZV7qyA==
+5qKLrABnAVb
HqQp24tAsiVIlTFz
YnBwLU2p+DdB2OYzQCk=
1tpoQtS08Gs=
5F1WUyajTZFzCmc=
nNJ9DTd1pOVFbUD12B7mUGCy83+3
RZ/KhZ/MvelKIlvryg==
mSq9dhWVjtisPVfshRsqzA==
GZeCIyVZtBhrh1nghRsqzA==
fbsOq3144mk+zeYzQCk=
rvwSr/PIk9i7QU+gjWuh
NjFwBNS08Gs=
y0haCyimjnihKW8=
Yqh6Mmu8+DOi06ovC2qA4cEFLg==
reumUsWxl8U3FkMKJ5lrxA==
n64VtWoYWqwdPv1b5kB80g6C3nGu
+zn0sPpKryNIlTFz
DlDKncH2Ffldbw==
G8q27dcW8zwfxhUgggJasmU=
VKlL8eYBnAVb
uQypIaJEtz2k1NOdhL+QsitOoRuYxuY=
TI5YIL0L+yEMXvwt3Q==
OoJBFc4aA0E81eYzQCk=
4pxm7haZ2VFG5R/w0wJasmU=
YK5Q+7T0vu3eX5ltUCKi+JquRsVJ+1JE
sMgkwGqEXZF5Hq2wQnm2
kwR4EJKBvwhZ
2zJV8en9zOpLIlvryg==
SclaLzK/GpB+LY6f9kHHThBxbDE=
WaLWiI2VdcKtT3h7mr7P4HI=
NYCpQw8uBu/EayWgjWuh
S5jus88LFfldbw==
Domain: vapes-shop.com
Targets
Target: Scan_Pictures.exe
Size: 592KB
MD5: f8581e56190bf92b20e26c241676fb7e
SHA1: 21efc7fc501affed54cf4eeb9842a283a16fa4a1
SHA256: 8bdd8e2b3d91d21ea2cad77027b0a8b88f9d7d1ec2733b86c1c664bcd847b81d
SHA512: 4a1c96a7480a538bda2fb129e25d1382d0d0042cdeb44c4491b1a7b5ec63614acb5ef776d0fbe844d22620b1f801154a19ae714414cf6bcdb3b2ce1d1cad6784
SSDEEP: 12288:nToPWBv/cpGrU3yp9uQmvCduEnTImJ6Uav+:nTbBv5rUOtmvCd7Xav+
Note that the submitted file (899KB, MD5 e30b884ac78c7ac7ac35da00c367fb2b) and the analyzed executable Scan_Pictures.exe (592KB, MD5 f8581e56190bf92b20e26c241676fb7e) are different files; block or hunt on both sets of hashes.
Signatures:
- Executes dropped EXE
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
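As an added example (not part of the sandbox report and not the sandbox's own tooling), the following Python turns a report in the labelled "Key: value" layout above into a dictionary, checks that every digest has the right length and character set before it goes into a blocklist, recomputes the four digests for a byte string so a downloaded sample can be matched to the right section, and pulls out the IOCs. SAMPLE_REPORT is a constructed excerpt built from values on this page; parse_report, validate_hashes, hashes_of_bytes, match_sections and collect_iocs are names chosen here.

```python
import hashlib
import re
from typing import Dict, List, Optional

# Digest name -> expected hex length; anything else is a truncated or mistyped hash.
HASH_LENGTHS = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
SECTIONS = ("General", "Malware Config", "Targets")
HEX = re.compile(r"^[0-9a-f]+$")

# Constructed excerpt of the report (values copied from the page). Assumed layout:
# "Key: value" scalars, "Key:" opening a list of bare lines, "- " signature bullets.
SAMPLE_REPORT = """\
General
Target: e30b884ac78c7ac7ac35da00c367fb2b
Size: 899KB
MD5: e30b884ac78c7ac7ac35da00c367fb2b
SHA256: 8952f3614c3e5762a461e1b1b133d8e9c201a1863e61fade4f0aba5354ef5dc9
Malware Config
Extracted
Family: formbook
Campaign ID: hzb3
Encoded entries:
BVGWUXYpaaEaNSjsCHhJnDJz463cqQ==
CEqdZb0KaOLLbWqrDVTgc20=
Domain: vapes-shop.com
Targets
Target: Scan_Pictures.exe
Size: 592KB
MD5: f8581e56190bf92b20e26c241676fb7e
SHA256: 8bdd8e2b3d91d21ea2cad77027b0a8b88f9d7d1ec2733b86c1c664bcd847b81d
Signatures:
- Executes dropped EXE
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Suspicious use of SetThreadContext
"""


def parse_report(text: str) -> Dict[str, dict]:
    """Parse the flattened report into {section: {field: value or [values]}}."""
    report: Dict[str, dict] = {}
    fields: dict = {}
    current_list: Optional[List[str]] = None  # list currently being filled by bare lines
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "-":
            continue                                    # blank lines and "-" separators
        if line in SECTIONS:
            fields = report.setdefault(line, {})
            current_list = None
            continue
        if line.startswith("- "):                       # signature bullet
            fields.setdefault("Signatures", []).append(line[2:])
            continue
        key, sep, value = (part.strip() for part in line.partition(":"))
        if sep and value:                               # scalar field; closes any open list
            fields[key] = value
            current_list = None
        elif sep:                                       # "Key:" opens a list of bare lines
            current_list = fields.setdefault(key, [])
        elif current_list is not None:
            current_list.append(line)
        # Other bare lines (e.g. "Extracted") carry no field and are skipped.
    return report


def validate_hashes(fields: dict) -> List[str]:
    """Return the problems found in one section's digest fields ([] means clean)."""
    problems = []
    for name, length in HASH_LENGTHS.items():
        digest = fields.get(name)
        if digest is None:
            continue
        if len(digest) != length or not HEX.match(digest):
            problems.append(f"{name}: expected {length} lowercase hex chars, got {digest!r}")
    return problems


def hashes_of_bytes(data: bytes) -> Dict[str, str]:
    """Compute the four digests the report lists, keyed the same way."""
    return {
        "MD5": hashlib.md5(data).hexdigest(),
        "SHA1": hashlib.sha1(data).hexdigest(),
        "SHA256": hashlib.sha256(data).hexdigest(),
        "SHA512": hashlib.sha512(data).hexdigest(),
    }


def match_sections(data: bytes, report: Dict[str, dict]) -> List[str]:
    """Name the sections whose SHA256 equals that of data, i.e. tell whether you hold
    the submitted file or the executable that actually ran in the sandbox."""
    sha256 = hashes_of_bytes(data)["SHA256"]
    return [name for name, fields in report.items() if fields.get("SHA256") == sha256]


def collect_iocs(report: Dict[str, dict]) -> Dict[str, List[str]]:
    """Pull out block-list material: every SHA256, the config domain, the signatures."""
    cfg = report.get("Malware Config", {})
    return {
        "sha256": sorted({f["SHA256"] for f in report.values() if f.get("SHA256")}),
        "domains": [cfg["Domain"]] if cfg.get("Domain") else [],
        "signatures": list(report.get("Targets", {}).get("Signatures", [])),
    }


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    for section, section_fields in parsed.items():
        for problem in validate_hashes(section_fields):
            print(f"{section}: {problem}")
    print(collect_iocs(parsed))
```

The encoded config entries are carried through untouched; decoding them needs the family's own config format, which this report does not describe. SSDEEP values are kept as strings only, since fuzzy-hash comparison needs the ssdeep library rather than hashlib.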