General
- Target: image004.exe
- Size: 15KB
- Sample: 221123-lkb3eabe94
- MD5: 05a64724337efd906ee2b96271794fb0
- SHA1: b4e5d9f568e75f03ec6d6162e7cccc5fb51f1dfa
- SHA256: dfef95aace8bc4b84638abf73bdfb24e3108f8fef08ad6129546a2ffe9c13341
- SHA512: 08977076cb53c9b7770e3860debcea22246a2e05b5d9b6e0a4783dd4528aa6af511ea086ec628ccefac899afe0e9f9694d8e265380e529bf7e1ca6e9192b6b87
- SSDEEP: 192:bGbLYuZbHzxQMKek0LhkgSleWk8Lngcq2/4yTLzzcyrwzc5+45ZPw4d+U43P25:AkXv0LhQoWfgcq2wyDwySc5+c1h4+
Static task: static1

Behavioral task: behavioral1
- Sample: image004.exe
- Resource: win7-20221111-en
Malware Config
- Extracted: formbook
- s2h0
- aPAdsgRiM5x/yL/X5cm0VzOos18VCw==
- dSikZMo3DX9YnT+x5r59
- MuZXDW3373RVmozB4qxFB4TP
- etxRTtBOmdLv9Ji3bO4a6w==
- cV0TtnwKShHy
- sMCRJpM3pLEzQGF7OA==
- 8/z1y5az+w6oJEvAnYJg
- yStNFwgJB8qEsJ63zrBFB4TP
- cTzYzR2KJdPl
- XmERsrbQFFc8I6TW3/oJz61Zs18VCw==
- kRd/feIxF5FObwVf1+Y=
- OKPBaPCEyH0oM6Hn7oMSUso=
- CgmzVibsv66DWPAUrXU4U8I=
- sS1SCHE+uG6FD0TAnYJg
- +KVTMo4N6VwErccB
- lMaVXfE6YN3aeg==
- YdgFnvPAI1QPrdAn34YUY8Gohu68JYOv
- KzcRJLlCQHwbpOQqYoCB+Bp7yA==
- wbtcD0JabN3m
- vNfSa+yFzotDbAVf1+Y=
- nt0O8HE/ewYrpFqNLw==
- 9GJ/MAsgfzAIyeIL
- iXsowp/g5lUXLdUHrXU4U8I=
- u3vpdnNvRjkTpFqNLw==
- r1EB/GXr2EwpL2HAnYJg
- 6GwJoZEka2ZvewVf1+Y=
- W3y5o4uPdnhZG320cWLW+3TTwPP2NA4zUg==
- 4vWFSlqhBf4njWi7YURw+Bp7yA==
- U9P90sDDBVkvqFJc3rT74w==
- ygvvxa4DfH7zIgM5Vu4=
- qBjIQOvNELebbQ==
- lhFCGQIYcx8Yek+yw5to
- zcZxNUmZELebbQ==
- vHkW0bd52oFbOfA=
- GbUi0Toxp+uLEDptk5CEOBSAqLYNMQE=
- wOIFGnzxvjkIyeIL
- ZCvTTP86Jw==
- 2on9txa1/AMGpFqNLw==
- t2nlpbYHOi4p/lx2b2Fi+Bp7yA==
- ELloYrFvrS4uhGGJpUbeOaz4BTaur7Oq
- XCV3TzZZoiMkVL4D
- P+1nHG4Gbzz7KQMDD++g8CRyps/b
- dONOk3TkvXT1Geg=
- yzlqOLt6tS0THFaR+Ixm
- FOaDas1XjTPM26Dqj1lw+Bp7yA==
- 2sZwE/gye3T1Geg=
- UUP3mXyOQgGLaA==
- uvUYDhIpGiU4Q/sVoHU4U8I=
- 7JtOL3gCZS7NyXiLpV/BQ8c=
- Q4GrtLu7wHoD3VCFbO4a6w==
- ZnVNMo8eF5x+z9ViWyvmP8o=
- gULr+lcNdSwIyeIL
- VWETrHE9EAsHpFqNLw==
- Ltk94SrLViU2OfU=
- E8V2WrJI1ZXkZFh4OA==
- 5yRIMgDX3p9KbQVf1+Y=
- j5WKlobNDQYDpFqNLw==
- XZHLsHhrrADjsCx6bO4a6w==
- DQa1f5LrMScQpFqNLw==
- 1xJ7Jo9RiTU=
- w3US+oAcEpFZdQVf1+Y=
- BPv3BBwyH/6sPnq1yalFB4TP
- SIBcBuEp2Maxcg==
- kXReotqKJdPl
- lenderark.com
Targets
- Target: image004.exe
- Size: 15KB
- MD5: 05a64724337efd906ee2b96271794fb0
- SHA1: b4e5d9f568e75f03ec6d6162e7cccc5fb51f1dfa
- SHA256: dfef95aace8bc4b84638abf73bdfb24e3108f8fef08ad6129546a2ffe9c13341
- SHA512: 08977076cb53c9b7770e3860debcea22246a2e05b5d9b6e0a4783dd4528aa6af511ea086ec628ccefac899afe0e9f9694d8e265380e529bf7e1ca6e9192b6b87
- SSDEEP: 192:bGbLYuZbHzxQMKek0LhkgSleWk8Lngcq2/4yTLzzcyrwzc5+45ZPw4d+U43P25:AkXv0LhQoWfgcq2wyDwySc5+c1h4+
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Adds Run key to start application
- Suspicious use of SetThreadContext