General
Target: EDF101602AB8EEBC9642FB56728B45E0F00D9E669DD08FEBB0D4F85D08DBDC5E
Size: 509KB
Sample: 221123-r2x9vsdb61
MD5: 0613cdcd124dbbf1ef1776e9d8a8e3c1
SHA1: 422a058adc32e176f3a8cf6d7d605e99d7e477dc
SHA256: edf101602ab8eebc9642fb56728b45e0f00d9e669dd08febb0d4f85d08dbdc5e
SHA512: 2a62820cbbb96e849351df77b71ec1e625b23bff34ed3c29a498e15855c6e8c556f843610ece8e12aedc0e7c0bb0ed5c77b66e9b5f0da71de3211a2f5bf1ef15
SSDEEP: 12288:evRABUQg4ddmRG947jvpZ4wrCzBAP6ywhISajgr9Dv:evRQJmtv7rryyYije
Static task: static1
Behavioral task: behavioral1
Sample: VSL_BUNKER INQ(009-010).exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: VSL_BUNKER INQ(009-010).exe
Resource: win10v2004-20221111-en
Malware Config
Extracted
formbook
u2t4
michellegobbi.com
Targets
Target: VSL_BUNKER INQ(009-010).exe
Size: 724KB
MD5: a4cb79737cd6958c38b7bba6e414d795
SHA1: 688d24bcf41841ad8d7b9b1b90ec6c5c20dae498
SHA256: b93895bf25b4802252c954577edfceb1ec4288270bbd04a5aa6226f7c974774a
SHA512: 0a7fd76c1ae2b8ca0974f0589cb1da4a1b8cbcd55d2f84cbd8f59f9f68ab4153b53d1d6394a9d80965c2a27ace3138bf237279be34704308a0315c1ba324b10b
SSDEEP: 12288:Vx8sg+dhSpDh1rAKm4xUXXTXjfRCbYiLMTPcu3d6lM/:AkdU5z+JXTTfRGC3
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Suspicious use of SetThreadContext