General
- Target: 12608321b3a1385f9c0650e1208090b9318c65a52bc4a60f4b3419b622f40b2b
- Size: 1.0MB
- Sample: 221011-xckv5ahgb5
- MD5: 03a6f05f998a2c1da3bbe3dba6f44917
- SHA1: b9a38f68387f77ed9b752f056bda282580a52ca8
- SHA256: 12608321b3a1385f9c0650e1208090b9318c65a52bc4a60f4b3419b622f40b2b
- SHA512: d45f3792eba2e04b5f1c9686ee7711f6a2edc976e4f770f34cdff86bb537aeb247d1fe0b705c5cea8860cf32245794b95f2a156597136a168e5c1a953ef929f9
- SSDEEP: 24576:jBxiZeC6Lj/mHlOdBBR6x/a2fQY5kfqFGlwpV:jLiZeC4TOOdBn0LfTqfqFJL
Static task: static1
Behavioral task: behavioral1
Sample: 12608321b3a1385f9c0650e1208090b9318c65a52bc4a60f4b3419b622f40b2b.exe
Resource: win7-20220812-en
Malware Config
Targets
- Target: 12608321b3a1385f9c0650e1208090b9318c65a52bc4a60f4b3419b622f40b2b
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
-