General
-
Target
OA74612.xls
-
Size
511KB
-
Sample
221115-njb25adf43
-
MD5
cc083b13b3459bd2f581f4afcaef5051
-
SHA1
23abd922b107ac72fbe337afcd85a089eb669c27
-
SHA256
ee1b53c87bcbf6604980ab928baaf8e8c70cb26fb341d49f05addd70fed92627
-
SHA512
f85aee0d80ff76f39cba62f47a2e462d4e0256ab983b530c1af22561edb257dbce9fcf3f5f1f74ab1c37be66f3defe215971c032cb976c209ec03b308f1c8460
-
SSDEEP
12288:fdNqrDx7XXXXXXXXXXXXUXXXXXXXrXXXXXXXXEmY2TmWTmjnK4D+DX/xao7ZmwW0:Cr5XXXXXXXXXXXXUXXXXXXXrXXXXXXXF
Static task
static1
Behavioral task
behavioral1
Sample
OA74612.xls
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
OA74612.xls
Resource
win10v2004-20221111-en
Malware Config
Extracted
formbook
g2dc
OqIwFVmXHnPUgdurr7I=
0YwewYtWNLZdkF7Q
HFT6VwOYdkifOpbT1h9DcYQ=
D+zGTvGlpriTumzBbw==
gMSID89/QqMV8yjH
HN5/g0/3yJBsnZCig9Qf
Hl33xdRU8xaC1rY=
/rhq03DorPAUH2bSp6228fGQ
gBwzCyfHge9SumzBbw==
NuOmK9+fenLQa9urr7I=
cA4+yKM4IQjpFwMt1BQEUJ1q6y0=
gpK3pqdoVNu93yS0uhocUtQmtQ==
3i3tx82Rf7yQdIyeprA=
FTo+4qVlVK7gIgxi0g3bUA==
7kDtq4wo6+cV8yjH
Dc123pIo9vcNuR9pwkQ0pPpHvQ==
KYREtH0zKNiI374=
Tok2qF4n2XOiRw==
DYFtA6ZXUJfA3MLhRtTVTQ==
C8poIeeskBCxEYHIbQ==
SphQtzv393fpQTmDIBvxFxyuxIK4BJWOUA==
AB4x79KRi4GW5kKig9Qf
IVcHfD3hpGSLl9+IRtTVTQ==
PzAWlDfYi/FTumzBbw==
c8KfRhi+nW2XvNurr7I=
UsixbWn3uiCIyfadTEkZUtQmtQ==
g4pzHPfEqsDb8rw=
r0hgJQncv5PCYr9RvAvxdJM=
yFlw1kAR9tY=
SVpSBeSERrimumzBbw==
uppZPE0xxRFA2yhWqvDARw==
zRjhy+RmLa2WDW7Sp6228fGQ
liYa0MmYn+0fseEDsP5EgcEftw==
MH4a78axhU2Gydurr7I=
2UQv2aEq56DO6iHF
CFomvat2Vcmz09urr7I=
q2kjkxkeyEk/k++FRtTVTQ==
BG5M2sVYFP1V7UOig9Qf
+ibWP/CKeEBw/kaig9Qf
+UsepVwfAGme8WWvyx9DcYQ=
zHJ/UmYN3lGOrY+sNUUaUtQmtQ==
A9rJR+iHRJ8V8yjH
f1c45sZoONiI374=
TaiXlThWwWrIWg==
Gno6rEkmp43vR3d+pas=
YBKzbS8Bi+0Zo/+psqY=
fygs4+dfFHRSbaE+dLAcexvc6t1n
QvyqxGh3/kh3mYnP
ZPYN3O+UTaMV8yjH
hItu96hZQKPkgrjbRtTVTQ==
gYpp/ZKAQpnIWQ==
ryD0gz7Ih29Zh2y3YGI8u/hFFEWMlw==
o1Twr45FQSldcrwZvP8OUtQmtQ==
4QL6n3gqFwRwAkaig9Qf
kN++Zyvv6yJ6ydurr7I=
SdK4Rv6Qb8w4euccuaU=
ve5+E9JwSEMjOWfxfILEq9CY
P6aMLe6ofmKIoO0U2SmtHYI=
8+bJXD3UknPOa9urr7I=
QPyWSRCfXL+mumzBbw==
8ejIbB/mp6G66Ankdw==
n96ZDb2Ab8j2gtYe4x9DcYQ=
XmRT2XUg/1w+Wn1hdH3FMIw=
LN6J745INyFTPR9kCRUX
yogaguerilla.com
Targets
-
-
Target
OA74612.xls
-
Size
511KB
-
MD5
cc083b13b3459bd2f581f4afcaef5051
-
SHA1
23abd922b107ac72fbe337afcd85a089eb669c27
-
SHA256
ee1b53c87bcbf6604980ab928baaf8e8c70cb26fb341d49f05addd70fed92627
-
SHA512
f85aee0d80ff76f39cba62f47a2e462d4e0256ab983b530c1af22561edb257dbce9fcf3f5f1f74ab1c37be66f3defe215971c032cb976c209ec03b308f1c8460
-
SSDEEP
12288:fdNqrDx7XXXXXXXXXXXXUXXXXXXXrXXXXXXXXEmY2TmWTmjnK4D+DX/xao7ZmwW0:Cr5XXXXXXXXXXXXUXXXXXXXrXXXXXXXF
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-