General
-
Target
factura.20003802..lzbaj.efzko.zip
-
Size
2KB
-
Sample
221123-jk7szaff78
-
MD5
c31b8dbbc4559250cb0786174620464a
-
SHA1
adf1043b926b7aa2a79cf8ec8795db3610c27f03
-
SHA256
01f65072aab14c6f49d25fcb55d60adc2ae2f2c6dcec80b45e5fbdcd30df805e
-
SHA512
f0f8877f6c89b6b721a6ef17e15c0b306b4dcb8717422c1bb5f514544d4c98773739d3de33660feeaf01543e2af7a7f0917179e48fed1aee67bcec4c080718b0
Static task
static1
Behavioral task
behavioral1
Sample
clave para descomprimir.factura.20003802.YIs.txt
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
clave para descomprimir.factura.20003802.YIs.txt
Resource
win10v2004-20221111-en
Behavioral task
behavioral3
Sample
factura.20003802.YIs.cmd
Resource
win7-20220812-en
Behavioral task
behavioral4
Sample
factura.20003802.YIs.cmd
Resource
win10v2004-20221111-en
Malware Config
Targets
Target
clave para descomprimir.factura.20003802.YIs.txt
-
Size
61B
-
MD5
2b2f9b130c91357c38d5e345221d6f48
-
SHA1
c59d72b3734657398449d2cd665c9712ee0af6aa
-
SHA256
d1a1f1fd197e18d7ed2d4aab9fb593d9545fd895c64273cb378d609aa24377c6
-
SHA512
a492d9fa21b63261c012e569271cef764b29ac41fe33dd1e461bedd0d4beea25ff7022453ffc9c8a9daaf45980176f2f84dbb6cb6a280be0bbb08c6a0558a20f
Score 1/10
Target
factura.20003802.YIs.cMd
-
Size
7KB
-
MD5
9e2ec64b4b72b2a179f09e8983cab503
-
SHA1
8ac596246584e5326c3f5512157c825c04321cde
-
SHA256
c3e8f8902c9ea831eaf28fd536f989f73fb7961a7bcd863801796102d9583b30
-
SHA512
9c3a987d0b17f096a69369e5d9c06618b0b03c453b6a9e89ac7486e1579ebcbdbd0a501173e79d6346e2835884c58dccf737d1d87fca0cbfa53991c8390c63bb
-
SSDEEP
96:e4bS5yNfoIZqAfrXfrXk+AfrX/jh0UXQR/sv4+zdHG+An9eQkVxRsUlSxWgd6wzh:6lQOHEn9dkVxRsp6wYmKm
Score 8/10
- Blocklisted process makes network request
- Executes dropped EXE
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application