General
-
Target
PMP-INS-93-2436-IN-1017.exe
-
Size
265KB
-
Sample
221014-p7p5bsdeb4
-
MD5
a0a1f5ff78c714b094a5fb386e02a7a3
-
SHA1
10fd01e713a5b96d19fd636e646f231bdb059bf1
-
SHA256
187fda2b830429934ff2d59c014f05098bfb323d639be258f075efa4309f5c0f
-
SHA512
6db4734f3b1f13f4ad87dd3b604a8c6b37698e7b788604d53fd42a3cf0af9155c96f54ce5d2651ba2f905a385eddf0c57284bda0078bba4ad5f71adde9e05fe2
-
SSDEEP
6144:xNeZBEmUT5ohIP1DT1SDLiXoina7ZnkOnIhB:xN+BI5yWHOiXlKkHB
Static task
static1
Malware Config
Extracted
formbook
fkku
ItLUfbYmkw6ODl8lnvwkR/8=
oUKMUSjydqzVWxG/CqjK3ngAhQ==
HB9lfRtFwT/XlJ9Lxw==
hBYXuorq7a3WwPq1NSezCMStlQ==
ciRqfQbLgwx/+e2rLqTZ8oMLc2LYY4o=
9vb76Nc8JzKlj4YEQyPAx2dx86U=
fB9041xJgwl1
ND8juoNyH6x5XqlZ2Q==
QEaot04y8XLjFOBp1Cg=
SG6vmdmmpmFmDosczg==
WWCorUT756r1F+aD3cd7Cij6nSFQ
Yl63zVL2NnFph44XcKkiP/k=
s2RfFNOd3fuBEJNZ2ig=
u1p6Ucr2uCketwGD
0vD8lFkSfRCHEJdebbrb
qzlqgxrsrDRmDosczg==
H5aTYXc2rHXjzQ==
S/pFbexYx0S+Ex7SN5rC
9kOIkRTWkA136nA2Ua/R
ojOElJ50E1N40ZNanCbEZw==
M9rnjMSmZiRSZcA=
84iDJl8exTuvKJ9ebbrb
ojKRZBuMgtAXEGtl0Q==
fYjH5/XDCxSLK59f7SG7iphglaRY
jDhH568s83sCTZxeXT3ZcA==
+aX2yx/k453OLrdq+Y3/CeA=
dYKtPYJHN1vSzs86aI3/CeA=
JdDfj861c+9v8DbQRzc=
+YTsEh3zpP04sWsVKB87P6p/sJFKaw==
9Y6NKXk1J4TGqdw=
HENKJqo5afVt
0mJvDeJIOT12i24nwA==
r+RRbqgBgPtw
jp/W8PnXi9/Wk14pxA==
Js4O3DcODcr98D8ZTSvZ5FdNmhCyQoI=
ZPw/M2tGV5BMWlvfJyI=
wFGm1VFHB1xmDosczg==
7h4tyxWW06b/0aobVY3/CeA=
xcgqA0wwV3kCQ4pNd0DVdA==
k9jsiD3AvtE0Ci1eXT3ZcA==
IjGAlC8dTnTwwwHH3acsRVfm0e6EasRsiA==
7fc+SNO3873Kig91mGIBoADAlA==
gJzuvRVmJSxP3Xn8N21/ECb6nSFQ
rMcgQ8eANbxDpWImqfWjAL6hjQ==
n8rVcLcMhA9164ExqwcpyLutoSRaeIBciw==
KTBeLP/AQ4G3XqlZ2Q==
8hgbtW8xq90PjVUbLgxpAL6hjQ==
3nOhrT8o6VzPRdacl3Uwzwur
XXTB3mUo3i1PNHdhk2ZuBSH6nSFQ
awheOZJfU2f05jksZ43/CeA=
V+bzl+OXmmBmDosczg==
A4yhd3vFweVmTUIvPSA=
jRRnlZT27AV9QT1uvw85PbWLsJFKaw==
QF9Z8bKtU+QetwGD
ED1tiUaJjjN6
I8jGXSN/rHXjzQ==
tcjg0tu/BwMqRms1wA==
t2xtIt+r7QmIhJmKxxfQbw==
lRgQruqysfJjsV4hSyXTWnc6ydiJp79w
pjxP5bAs8nm2dwSJ
0PP0u0gTyknCB1fgK3evTmj17KU/YQ==
kzxi/wlC/1CLlKKjIo7G
V2rO9oVG9GzZNMScl3Uwzwur
53TKl/BQzFG3Kp9ebbrb
mariefrank.shop
Targets
-
-
Target
PMP-INS-93-2436-IN-1017.exe
-
Size
265KB
-
MD5
a0a1f5ff78c714b094a5fb386e02a7a3
-
SHA1
10fd01e713a5b96d19fd636e646f231bdb059bf1
-
SHA256
187fda2b830429934ff2d59c014f05098bfb323d639be258f075efa4309f5c0f
-
SHA512
6db4734f3b1f13f4ad87dd3b604a8c6b37698e7b788604d53fd42a3cf0af9155c96f54ce5d2651ba2f905a385eddf0c57284bda0078bba4ad5f71adde9e05fe2
-
SSDEEP
6144:xNeZBEmUT5ohIP1DT1SDLiXoina7ZnkOnIhB:xN+BI5yWHOiXlKkHB
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-