General
-
Target
CIRCULAR PROCESO REQUERIMIENTO BBVA #20012452 CODIGO DE VERIFICACION 8005241561ff1565465a4564164654da56416564564ca64165454a64616546ff8497919846548498498419_pdf.exe
-
Size
1.5MB
-
Sample
221009-gkbpesgebm
-
MD5
bed6117693dadb458cf4686b87a7e753
-
SHA1
b8f242faa45a641e2b1fa4237abb3d9f12e680b3
-
SHA256
afaed2a9b59964e7fcf1bcfdf4f1dcb0ac299875c27c0e699277d5326340bdb3
-
SHA512
b2370de67e8cc280de94b274fb3ed4fb960fe9ba45d5aa820adb1a806a0ee37a0d7ee1e1c8debd3f62c210197ffefec47e2640fcbe00fdac5d302dae2138b7a3
-
SSDEEP
49152:UIliPPEPPPPPPPPPAPPPPPPPPPPPPPPPPoPPPPPPPPPPPPPPPPPPuPPPPPPPPPPI:Jlk4
Static task
static1
Behavioral task
behavioral1
Sample
CIRCULAR PROCESO REQUERIMIENTO BBVA #20012452 CODIGO DE VERIFICACION 8005241561ff1565465a4564164654d.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
CIRCULAR PROCESO REQUERIMIENTO BBVA #20012452 CODIGO DE VERIFICACION 8005241561ff1565465a4564164654d.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
Target
CIRCULAR PROCESO REQUERIMIENTO BBVA #20012452 CODIGO DE VERIFICACION 8005241561ff1565465a4564164654da56416564564ca64165454a64616546ff8497919846548498498419_pdf.exe
-
Score
10/10
-
Async RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-