General
-
Target
7f53bd1ec3c75fe6f9c52cb4d1d443cf04ccb43f16faa8bd6ffbdd8b465b049f
-
Size
315KB
-
Sample
221122-kfwqksfe75
-
MD5
3e1ecb39e6a09031473e9583cceb9d53
-
SHA1
6b5882fc292ba34c38e67d322abdc09492d64ed9
-
SHA256
7f53bd1ec3c75fe6f9c52cb4d1d443cf04ccb43f16faa8bd6ffbdd8b465b049f
-
SHA512
a0fc051979b6a962a5591417a98630f670949f0b42316640c4ff41cb1ce13a9b154ad61bf77c77e0c1e2735459e1bc12b848382a4630ffa564fa4ac202372acf
-
SSDEEP
6144:obE/HUGMJJpXPV/Wwv/SG1zV5poES6rMK0DGnDkKy1ZpXMSC5rwTCAw2C:obJzPt/nFlV/oESn+c1ZpXMSC5rXV2C
Static task
static1
Behavioral task
behavioral1
Sample
7f53bd1ec3c75fe6f9c52cb4d1d443cf04ccb43f16faa8bd6ffbdd8b465b049f.exe
Resource
win7-20221111-en
Malware Config
Extracted
formbook
nrln
sincewordsmatter.com
Targets
-
-
Target
7f53bd1ec3c75fe6f9c52cb4d1d443cf04ccb43f16faa8bd6ffbdd8b465b049f
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-