General

Target: ORDER_PO251455222785xls.js
Size: 360KB
Sample: 221005-l7c8zseac5
MD5: da85ecaf5be8dec7f830cad375d64b02
SHA1: d98c20911248a4cd751f33bcb1bbbfc8417b8414
SHA256: 82e21bcf9876cac1633fa8fea190eedf18f97dd55cef0a6606256d0f35f1953f
SHA512: 8099cb708368b2ade3a7edccbf406fad7c8585fc811bcadd9cefd6430afb081b406d1f03b970b7d1428ab7797383e5a6a10f702653f23414ed3de2141b49ec7d
SSDEEP: 6144:VVvgl428Abxr7Iq3EoGox10qXip+G2Ew2Vno8CCFAB/hWFTfnylmgUNMabvg:Vyl425lEjqXk+Gxw2JCCeBqXgUNMab4
Static task: static1
Behavioral task: behavioral1
Sample: ORDER_PO251455222785xls.js
Resource: win7-20220901-en
Malware Config

Extracted family: formbook
Campaign ID: douy
Decoy entries, shown in the encoded form the extractor emitted (not plaintext domains):
q/gE5cI3rDQ=
mWCSTU/0Qg0y2LI=
Ozoj90916XZyH/FO1eCN0FbH3B8AxgG7Ew==
g5GYftfE/MwWgYzxjKuH
vYfWrnDlWBLBYqeE
Ovww28VyrH1wHcha2A==
lqgaxrprk2qvYslb2g==
oELEK3LYUxWCa7iY1pVWxhBaQQ==
8Qp7H/31ZmEJzbA=
v1ZJvbrbN8Csuid/4vRrXKLjDoB3PQa5
ZCbNYcXjHpvlbrKO
9LL1wbJRw4QPGFwyQxePqS2ZaO3T1Q==
H9oCe3eR/b6yh8lO07snFpmfgI0=
+9aXS875O7eqViZPlo47yhxnSw==
eTqN+HUSjk3lbrKO
xDCvt/BcVjCQ
+5yHTtcBR9bcr/Ok2xfBCw==
up7eiFXqd0blbrKO
tIDEiHde4YZeHcha2A==
CNDqbko6tnpqHcha2A==
47bzd0jrQg0y2LI=
rXRDEYyuMNemnAqf2xfBCw==
x8lEuRlJdEC5rQnaNZB7U5I=
LeqXHZ7zN7OqVSaMGw5zyhxnSw==
X2DIpYjvFdUTxqs=
Ge6dE1t+uVqrZRAmYw2J
3rJrGmlTozkSqHzN2YtDyhxnSw==
ePvhVS4nmlRMNn1ao9c=
AqYsl91JvX868F5IiuSe06D1
39/GnNvMCxHwvKs=
iJYdpxRFdxtgRpy7vheP
VRrAa+cQTs/WpPC9HrBYFTZ8Xazrf8c=
p34+9z9g0ElV+eSZ
UGLNi5E9hhiSQhn2fciL+bv9
+wUMhl9DGE6MhfDF00zcFYU=
PQTLd8G1AJvlbrKO
VSRU9OSFsTK11lA3O/w+IFbi
r7IzE+zD0L6fHcha2A==
YPRmRD3rKGnFaehH0g==
0aZW+WXZQwXBYqeE
O/9GrgkxbDt+Xd0wwQ==
5bLyzGdWxIigOwJe2w==
QwlO9cvzGaqSaehH0g==
PAQ5B+Z4v69pH5kBbMo=
HP6xMa8A/bipSi26AlzXbG1ySg==
aTR1Py9/s33w1gDRQ79yTEm9aO3T1Q==
qrwavJd/7HeAP4ITVmniAw==
1m10O/4ng42NmqU=
6rh5HoGS2l1E9uq7vheP
QhhdFyZWmi0=
p4lQ/U5Li2C2d6m7vheP
h4cAabfHCJKLOBZxqxLTEg==
hXzz0enrLUpUUA==
cjh7RivVR9lSA+C7OpB7U5I=
+PXanegRnWRmHcha2A==
9L+QZdb7YQ0I+mY3iqqG
4mdxX2YLZv5c/RWqtt0=
0t5k2Cg6dvbklHvgVFjczUVvfYc=
8a/oeWECOQbRgFxntJQXKV+WabgH
OhZFuHsPSiAJ3tfoSljk5jJ4HKzrf8c=
JRaPHH2f53B8CEaos3dyTtpG08y7wQ==
bHx1P7AZjlDvJ3vd2xfBCw==
eX5uU7yv10QdGkyi2xfBCw==
0sGoigc0sk0uQLgigoc4yhxnSw==
C2 domain: bigeasypizza.com
Targets

Target: ORDER_PO251455222785xls.js (360KB; same MD5, SHA1, SHA256, SHA512 and SSDEEP values as listed under General)
Signatures

- Blocklisted process makes network request: a process on the sandbox's blocklist (typically a script interpreter such as the host running this .js) initiated a network connection.
- Executes dropped EXE: a file written to disk during the run was launched as a new process.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check to avoid running in unwanted regions.
- Drops startup file: a file was written to a Startup location, giving persistence across logon.
- Loads dropped DLL: a library written to disk during the run was loaded.
- Suspicious use of SetThreadContext: SetThreadContext rewrites a thread's register state; outside a debugger it is typically used to redirect execution in a suspended process (process hollowing or injection), which fits FormBook's usual unpacking behaviour.
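The six signatures above are behavioural rules evaluated over the API trace the sandbox recorded. The following is an added example, not code from the sandbox or from this report, that re-implements those rules as plain Python and runs them over a hand-constructed event list shaped like such a trace. The event field names, the registry value assumed for the geofence check (HKCU\Control Panel\International\Geo\Nation), the Startup-folder path pattern and the script-host blocklist are all assumptions of this example; the event data is constructed for illustration and is not taken from the sample.

```python
"""Toy behavioural triage: re-implements the six report signatures over a constructed trace."""

# Assumed: interpreters that should not normally initiate network traffic.
BLOCKLISTED_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe"}
# Assumed registry value consulted by geofencing code (lower-cased, backslash-separated).
GEO_KEY_SUFFIX = "control panel\\international\\geo\\nation"
# Assumed path fragment identifying a per-user or all-users Startup folder.
STARTUP_MARKER = "\\start menu\\programs\\startup\\"

SIG_NET = "Blocklisted process makes network request"
SIG_EXE = "Executes dropped EXE"
SIG_GEO = "Checks computer location settings"
SIG_STARTUP = "Drops startup file"
SIG_DLL = "Loads dropped DLL"
SIG_CTX = "Suspicious use of SetThreadContext"


def _norm(path: str) -> str:
    """Normalise a Windows path or registry key for comparison."""
    return path.replace("/", "\\").lower()


def triage(events):
    """Return the signature names matched by an event stream, in first-hit order.

    Each event is a dict with an "api" field; the other fields depend on the API.
    "Dropped" means written by a monitored process earlier in the same trace, so
    execution or loading of a file only counts if its WriteFile was observed first.
    """
    dropped = set()
    hits = []

    def hit(name):
        if name not in hits:
            hits.append(name)

    for ev in events:
        api = ev["api"]
        if api == "WriteFile":
            p = _norm(ev["path"])
            dropped.add(p)
            if STARTUP_MARKER in p:
                hit(SIG_STARTUP)
        elif api == "CreateProcess" and _norm(ev["image"]) in dropped:
            hit(SIG_EXE)
        elif api == "LoadLibrary" and _norm(ev["path"]) in dropped:
            hit(SIG_DLL)
        elif api == "RegQueryValue" and _norm(ev["key"]).endswith(GEO_KEY_SUFFIX):
            hit(SIG_GEO)
        elif api == "NetworkRequest" and ev["process"].lower() in BLOCKLISTED_HOSTS:
            hit(SIG_NET)
        elif api == "SetThreadContext" and ev["target_pid"] != ev["pid"]:
            # Cross-process context rewrite: the classic hollowing step.
            hit(SIG_CTX)
    return hits


# Constructed trace modelled on a script dropper that unpacks a payload and hollows a host process.
SAMPLE_TRACE = [
    {"api": "NetworkRequest", "pid": 1001, "process": "wscript.exe", "host": "example.invalid"},
    {"api": "WriteFile", "pid": 1001, "process": "wscript.exe",
     "path": r"C:\Users\Admin\AppData\Local\Temp\payload.exe"},
    {"api": "WriteFile", "pid": 1001, "process": "wscript.exe",
     "path": r"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.js"},
    {"api": "CreateProcess", "pid": 1001, "process": "wscript.exe",
     "image": r"C:\Users\Admin\AppData\Local\Temp\payload.exe", "new_pid": 1002},
    {"api": "RegQueryValue", "pid": 1002, "process": "payload.exe",
     "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"api": "WriteFile", "pid": 1002, "process": "payload.exe",
     "path": r"C:\Users\Admin\AppData\Local\Temp\helper.dll"},
    {"api": "LoadLibrary", "pid": 1002, "process": "payload.exe",
     "path": r"C:\Users\Admin\AppData\Local\Temp\helper.dll"},
    {"api": "CreateProcess", "pid": 1002, "process": "payload.exe",
     "image": r"C:\Windows\System32\svchost.exe", "new_pid": 1003},
    {"api": "SetThreadContext", "pid": 1002, "process": "payload.exe", "target_pid": 1003},
]

# Constructed benign trace: nothing dropped is executed, a browser talks to the network,
# and the only SetThreadContext targets the caller's own process.
BENIGN_TRACE = [
    {"api": "WriteFile", "pid": 2001, "process": "explorer.exe",
     "path": r"C:\Users\Admin\Documents\notes.txt"},
    {"api": "LoadLibrary", "pid": 2001, "process": "explorer.exe",
     "path": r"C:\Windows\System32\shell32.dll"},
    {"api": "CreateProcess", "pid": 2001, "process": "explorer.exe",
     "image": r"C:\Windows\System32\notepad.exe", "new_pid": 2002},
    {"api": "NetworkRequest", "pid": 2003, "process": "firefox.exe", "host": "example.invalid"},
    {"api": "SetThreadContext", "pid": 2004, "process": "debugger.exe", "target_pid": 2004},
]

if __name__ == "__main__":
    for name, trace in (("sample", SAMPLE_TRACE), ("benign", BENIGN_TRACE)):
        print(name, "->", triage(trace) or "no hits")
```

The "dropped" set is what separates "Executes dropped EXE" from an ordinary process launch: only images whose write was observed earlier in the trace count, so the benign trace launching notepad.exe produces no hit, while the same rule fires for payload.exe. Tuning the blocklist, the Startup marker and the geofence key to the sandbox's actual conventions is the practical work when porting a rule set like this.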