General
-
Target
REF344266679.rar
-
Size
521KB
-
Sample
221125-hm3rcshc63
-
MD5
d15b1940acdbe9463e6f7ad027bbb208
-
SHA1
b79dd4b6a82db6d407809051272aba490bccc9bc
-
SHA256
02a8883d9ab27440dcfadece3b732e4e9147f8450ef1256e55d6c5b62c7d69c5
-
SHA512
8164d613067daf038b3d274e1c4786d3b040e3dbd5bd7b0f4f483d3a29cc098c34b726096c97f94938618d6b0e9ad0630d3f44eac20bf9c5b536c0c177cd42ef
-
SSDEEP
12288:RrV+AofRmWNajEASfbf3m8SRTH/JgkXEjJljT4w:gfOtS7m8SRTfauEljR
Static task
static1
Behavioral task
behavioral1
Sample
9YPS0Z3E3FXg0EB.exe
Resource
win7-20221111-en
Malware Config
Extracted
formbook
bmr1
q05YNsJC4MpYLGAf4A==
6KUzKCvwX0fwzrFQXvlucw==
KA4ZibW1w+hWN5Q=
TfgNq18tIWtsM7h+DexncQ==
zspNqjUKBdJVHTkiMMXJYeF7G53bVvMPoA==
hopQr+b8KzPIbMWvw0Yxir6cyw==
2thmt+17FR/MVsakbM/+w3xGOhopJw==
5gO5gfA6jwna/4FNSPqrvvHyr2A=
kqtr0wr9KaOXVMyDDexncQ==
PNldyz0Boa5cLGAf4A==
Gysor7fqabd0UzTwWp3Zir6cyw==
pMRgV18gtLorB21prX4=
ukpf+vu2u+hWN5Q=
pcS/rO+KmPMj69G9cMHnoSEm59cbIQ==
4fWGzv347bFNDYJeeIHKG5co
WXlRyM2Yn+4Ab1EgRAFHWdGDCzf1
ZPoM+2U1cwMzteOBsHY=
o8jQoNron4sT3A/KomE=
7QX8tTpv/A+YKw==
wFvmV8SY/A+YKw==
95ZJuruBovPziXkgyca4
DMhVqQXTdWLZcWM3IVNtZg==
Fya6G31VF/eHQ+OBsHY=
Q1AMfbPC2yU1IZV9q4C8vvHyr2A=
fRtdZZssSsG3s6Z7
bxBFLS8FnGv/bdOdDdjmfHz9ww==
0YG+jc1b/A+YKw==
lRliT3IEEDJ4ZoZ8a+7meQ==
dI7SuWbu40M=
Z4oXeMBk6sdDMow=
h5BX2BodM4ChJyEJXWhZEIlmBBTw
cYNHnMHSDHNoFn5XDexncQ==
U4uXeMXGel/Yo5F7JWy7ir6cyw==
w30JX9IHAfmEUkjMfJSh
nyYeAHdAO4ibDfK6+QoHkxDjQ0L/
kRNHMSv9qT1YAOi+/YTEubWayQ==
K84SAQbaiIE2JhEBwkI87fHyr2A=
/TfyyBrkRXG3s6Z7
Xm4DxD9z/A+YKw==
Iiod8GDRqTNm
UQavJOBL1PauNg==
5gHqohpY/A+YKw==
p9NjrOfd7y00suOBsHY=
+QwD0hEcmOH9FrqKOoip
t1ynrb95ITDbVcCcYLbyyYAhz/aC86DP
nsJ4j550C9tdGUvpa9jieQ==
2UyPicBXYsG3s6Z7
JcXRsh7oFKPHNx7+VFi2w/Hyr2A=
3AT+4Rqw0TI3s+OBsHY=
0m73TYSQvcdyP7Khu0w87fHyr2A=
0tyaI3KOu9UtnY5MWuNVKWo=
SXV//PAYkeL6tJB6LnC7ir6cyw==
BZ3ZnFfRqTNm
DIiVdbFCcAQd/3FWhBPOSNDjQ0L/
PzqDVoWG2r6rM5N9histir6cyw==
QFxDG5iTNsm3s6Z7
K07iK1LZc1POTrmDDexncQ==
1WJ3D0tnnQICtizlgdNO55Ii
Y3YBWZCixOhWN5Q=
N1AaNH32m3YaLGAf4A==
2wYTDEnS7XWxVTvMfJSh
Um9jMnNrA+BtRUDMfJSh
8eqyDgzQxuhWN5Q=
JbnNV71HXsW3s6Z7
escortsforme.com
Targets
-
-
Target
9YPS0Z3E3FXg0EB.exe
-
Size
690KB
-
MD5
c697ea68b7fbd24afb372ca479d48031
-
SHA1
aa26ceae317672587df112a62771d46a03fdf8c1
-
SHA256
69aa2e3cac902f024d6bb90201fc3703bc8c0501a2c7885b56ac4767e5f41c3c
-
SHA512
84e787006ac0698034ae1d8e6e0ea2b2e71f5ccb20fe0fddc27522c7c0a2a943e228b90e0a9c28e9cb59d26bcee4589efbce5d1922ef60260ec8d6309ae3a988
-
SSDEEP
12288:UcYA6GhOWYx/M+4ZUO5GVr/CSh8oJFKNIayQofjSCYmZJbxpDF:vYpKN5qrKI8o/3aI+CY
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-