General
-
Target
SOR-0188-2022-E - Sea Orpheus.exe
-
Size
1.1MB
-
Sample
221013-tmfglscge2
-
MD5
ab21def9360038cafa353972417b0527
-
SHA1
877b7890ee8aed3e4ba3aefb0723a1ecb41ff27e
-
SHA256
10503ccee19c440f294f4e4833b8df43f2f8f4620f4af3f01dd0a74b11fed33c
-
SHA512
7dbf424263a6d4f93ffc504322ef7e4e650a019ab71181444241b1aff6e73021b02e2956ddd4b27e75aa970f83de689685ac9c6ca96f9f3a7a92388430f0fa29
-
SSDEEP
12288:Usc1hw4e/ehrrzpaEKs0k5yQa2wsUyrjRhxHCQyuVR1hw4e/Ugi:J4LJUEKBDZyRmKG4T
Static task
static1
Behavioral task
behavioral1
Sample
SOR-0188-2022-E - Sea Orpheus.exe
Resource
win7-20220901-en
Malware Config
Extracted
formbook
6hsc
6cvqXARAGlgdnnbXYQ==
Mi4yZ8FULou6w26U2FDnEbA=
Xmx0bJmRZGL+O0RFfLFNN9AMdwn+
B0WNhyl4T2gWBIqE1VDnEbA=
DI2G9/sG/v6YIh42aQ==
0NTaAl90ZWYiGV/bT4U=
DWCuXrL23Cc3xdIG/0dT
fTbzys/dddqOVQ==
8ClrDFi3i+asgxBOnguhlQ==
YjOkWLSpXeqrXw==
gAIov8vbtv8vr8/tFSXvDULL7thokKA=
xMW2qsXay7xNkonR/zxPo939
xc38fRlgO2opnnbXYQ==
+o31vQlURJKmLUWfHlMq0Gjs
z6GwWxCSKJLJ
2pnQ5evpehAxUt4hd6pq9X71
2CmXDSU2DTmDR+Q=
WV9ScxFQID1V2glQnguhlQ==
L8UDlK65h9wJ7Zeb3VDnEbA=
Agb4LF2bRcDX
SqH75PsH3yxQYR9z3lDnEbA=
h8YG/pfpllgN+r7yaw==
cCpqkbfNqAI/WfJXnguhlQ==
s+knLMwJ3fmRZA0te6Fq9X71
EhYdPd0p8iFxPuI=
Wi4xZri3naA0D1/bT4U=
nWvXcvs9HV2udQo0
l/fjU21+WpE7EF/bT4U=
GZ+SIsMP7w6iAf8+L1pZ
D0mUUXV1P4eNVf9XnguhlQ==
oTlyZvhJFgfB4HVztxCp9Kk=
5PX7IsMQ9DmDR+Q=
dDuAscnFXeqrXw==
kmSrIrD5vxpKxeI2fgO8nw==
1GeVOGNjUmY5yswG/0dT
EYeAIppGt1Gtc/w=
LsHxiswT3tNdNN33H1hhwazaMPvCdA==
8aWkrlDKZrPQ
D4yEIMEI3Nl1QskAbaVndnt00+exZKCtyA==
c8P4ktkmB0ZjAzFCc6Bq9X71
RZnXfaxn0lGtc/w=
ZCMfpTiBVVbfW1ReZMWGoVjo
dMEMsfdKzzmDR+Q=
KTNhf5Ojhd76DKChnguhlQ==
JjlvzPs2/zmDR+Q=
xTIvy3C0XeqrXw==
RcI2ZrS+mIIO2Xub2VDnEbA=
NZOF7/3/499y1QchTG01NlzX8NhokKA=
HJ6Q/QcE2b1DUqrYPXtb
mGvXcvtFNm2Be98zao8=
zRlTSJogCy0=
X2NdecEGn5RLWg==
S4vjrkiPfql//AhBfgO8nw==
oaau7EVWQpAFV1dCc6Bq9X71
rfAaG8H+2xxRQL4BdbB6sJb/Fw==
mKvX7jB8WGcqsaefzfT9UdUMdwn+
WyObTpesZFkXGF/bT4U=
tT9IwOv0tghBx94Xg7d3sJb/Fw==
ApLQj6+9Y+q1+fA=
4bu35JDPqdinbaAG/0dT
xo36lTCBQCSn6gIjV55q9X71
hhFB3UqZbWQoX6TbREhRtajbMPvCdA==
9r7+aqu4oqJPzND+g5gzP27h8thokKA=
xZJ+dpq2XeqrXw==
vuongnudan.site
Targets
-
-
Target
SOR-0188-2022-E - Sea Orpheus.exe
-
Size
1.1MB
-
MD5
ab21def9360038cafa353972417b0527
-
SHA1
877b7890ee8aed3e4ba3aefb0723a1ecb41ff27e
-
SHA256
10503ccee19c440f294f4e4833b8df43f2f8f4620f4af3f01dd0a74b11fed33c
-
SHA512
7dbf424263a6d4f93ffc504322ef7e4e650a019ab71181444241b1aff6e73021b02e2956ddd4b27e75aa970f83de689685ac9c6ca96f9f3a7a92388430f0fa29
-
SSDEEP
12288:Usc1hw4e/ehrrzpaEKs0k5yQa2wsUyrjRhxHCQyuVR1hw4e/Ugi:J4LJUEKBDZyRmKG4T
-
Xloader payload
-
Adds policy Run key to start application
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Suspicious use of SetThreadContext
-