General
-
Target
2feebaaea78e2ac006cd21f83b49693c134ef85ec60c95ec9430fc54992ae627
-
Size
902KB
-
Sample
221125-jzyhvagc4s
-
MD5
7201682614e96eeed10b75af102ca4aa
-
SHA1
52781036d635f0a0e977f1737242725cf0964fa1
-
SHA256
2feebaaea78e2ac006cd21f83b49693c134ef85ec60c95ec9430fc54992ae627
-
SHA512
d6657af20254844e9d8a0dea129cf45a1f7813bd637900eccfdb0ad20ce92dc5d673586563620658c858c85c2b96df8023c0a2b5212e6c1a3a3c814096a6093f
-
SSDEEP
24576:ahwqArbintq30p9TQxpTWYINxtAX3l+ah9:pdnintyOkvUx+l+ah
Malware Config
Extracted
Protocol: smtp- Host:
smtp.gmail.com - Port:
587 - Username:
[email protected] - Password:
manroyal
Targets
-
-
Target
2feebaaea78e2ac006cd21f83b49693c134ef85ec60c95ec9430fc54992ae627
-
Size
902KB
-
MD5
7201682614e96eeed10b75af102ca4aa
-
SHA1
52781036d635f0a0e977f1737242725cf0964fa1
-
SHA256
2feebaaea78e2ac006cd21f83b49693c134ef85ec60c95ec9430fc54992ae627
-
SHA512
d6657af20254844e9d8a0dea129cf45a1f7813bd637900eccfdb0ad20ce92dc5d673586563620658c858c85c2b96df8023c0a2b5212e6c1a3a3c814096a6093f
-
SSDEEP
24576:ahwqArbintq30p9TQxpTWYINxtAX3l+ah9:pdnintyOkvUx+l+ah
Score10/10-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-