General
-
Target
RFQ PBMS 401055-STR-22.pdf.exe
-
Size
1.0MB
-
Sample
221010-mns1rsbfem
-
MD5
bbbffc29c40c5e0e4aba9fd4e2a677f9
-
SHA1
a9ab9ba1a90d144a6ba982003d2116a5b7dd42da
-
SHA256
93e11bd9c359b03f6d2a3add3d1a109275eaadc5b9875b395f9d87e302db93dd
-
SHA512
4381510e00a00b55e41e85cbfc4f67520570d43e1e76918679fba06812dcceebd8002e5f84b963a010c2f5f1c59f123f15b6ff6615ba174299166197845e228e
-
SSDEEP
12288:FSmZqMm9II2iNPv9sXAwe7CrtPVGVh9dpcjSJnu5lzAKp:ZTI1LWAt7YVkdTJn2lDp
Static task
static1
Behavioral task
behavioral1
Sample
RFQ PBMS 401055-STR-22.pdf.exe
Resource
win7-20220812-en
Malware Config
Extracted
nworm
v0.3.8
svetanakravenova247.ddns.net:3498
37f24ea7
Extracted
formbook
mmtr
A2DZqKcj5ytLVZtHJA==
fMXPWQG+JWa0S6lZOg==
8kymMDxB6ShVJHxu2gshFtXY9Rw=
1TcOF6WxcdzplqFGcUCNkBY=
k3TLhZ+bOG7ahplcPA==
K4kL5Aq5abHNS6lZOg==
mXDSo9XmxlqYN6psOA==
m+RNCVT4shAb
G1kzROn+2jCug7F5psQ=
qNYsJkWzqwkZ
0BcDQuH0xt4oBh4=
pfRW4ZhmRsEiyvP2Mg==
Sqgj4eztyCg0Ezwo39iHXQ==
bIi2etJbcdUB
k2g3gBesND9hUoKOzGaVFKX6IuUaknqH1Q==
8dFDXQPnb4s+sWfhwoqOdgmABBK+YGg=
Pn9PmDzelx84EjfdzY0WkiRPz6i4
SrUfvOfNO3DMdLvB
GFXHQ9NuPdHsxOiU2umGMSiTvQE=
Kv9sdrhSbDfMdLvB
0BP6SMdfZe0=
Fl9YrjrsY3yPcZsGJL5KQg==
OBVr6FSzqwkZ
UJeO5oYq0kJjHBfB50vi3aAnkQ==
ImHJSjymU8oQ
4jEWBDVCEW+ZlcN0KN3v
eMoitt7JSH2HaKx0KN3v
C2vSbJSqetPuq7F0KN3v
gWcoOtbjvU68b6bD
XL2ZjKRp8z1lF2T+0sw=
6y35AIdp+O+H1wobLQ==
Q9ZKFkouoNP1we60LMDl
9ltHTW0GzWapec1LJNjxSlOm7a+w
l7d4+LOXM3782go=
URUNnUgWrMfKjYddTQgPDdXY9Rw=
VJmoBI1S5f8cz1gnIw==
wKv5b/utK22seZUGJL5KQg==
xAfW2nN9X1V3cbhmCTk7RQ==
EVvqxNyaHXjBV77HDdM=
Dl2X3ndBIm2yM6ZRa8NLQA==
f9Z59IKzkA8O
E2NpxIazkA8O
xyMcaBMp1xQrLW0hWjKbDc5N
OY4M4fO7lOAEAjX3Kkp67LUjRwcsknqH1Q==
OYtqhgPf7DtlGh4=
ermg8HUcmuT5psNphdl+eAs=
Im/HTEZA4g4RqykeWFfm
7T23dIBqJX/MdLvB
6dFHFhDOte5NDB0=
I3Ngq11D/Ov61AA=
SqP4dW1lC+5NDB0=
yJ+qP/TCnAwW8kY3RQmpW3qmmQ==
UbWlxHCQV8/y2w8RauxeQgE=
0KOF1JwhrdAR
BF/jpcXPi7UVEGAUL69WSg==
HHdwwksTqcvm1A/AqGf60qXcIGoVYBRm3Q==
i1nDz1teN88V8R/kwkCNkBY=
rPVY6PjqshMt7RLKwW+I3rbvOg8uknqH1Q==
/2TrwPD7kcrxueftLvIXcCVx/b+/7Rfx
+U7WpMmsOY69prx8XAKfW3qmmQ==
aWcsXqQ9SrvAS6lZOg==
/OHzgirgSoOzpePqTiyAfg8=
2CoQYwO+LZjJteblFLOeOtJQ
xUN4AJdF7Osp9g==
vendingmachinesltd.com
Targets
-
-
Target
RFQ PBMS 401055-STR-22.pdf.exe
-
Size
1.0MB
-
MD5
bbbffc29c40c5e0e4aba9fd4e2a677f9
-
SHA1
a9ab9ba1a90d144a6ba982003d2116a5b7dd42da
-
SHA256
93e11bd9c359b03f6d2a3add3d1a109275eaadc5b9875b395f9d87e302db93dd
-
SHA512
4381510e00a00b55e41e85cbfc4f67520570d43e1e76918679fba06812dcceebd8002e5f84b963a010c2f5f1c59f123f15b6ff6615ba174299166197845e228e
-
SSDEEP
12288:FSmZqMm9II2iNPv9sXAwe7CrtPVGVh9dpcjSJnu5lzAKp:ZTI1LWAt7YVkdTJn2lDp
-
Modifies visibility of file extensions in Explorer
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-