General
Target: 23810a347a861458fbf36d28b952cfb818c25ec93472d563624a5899ab865d08
Size: 1.2MB
Sample: 221126-2hwl2adg8y
MD5: 203e301120b80c92e5972676e83a6bd4
SHA1: 0301ea704dbbcaa140c9fc944ef359efb015f934
SHA256: 23810a347a861458fbf36d28b952cfb818c25ec93472d563624a5899ab865d08
SHA512: 667f3ff731fe2bace6c2c0626fd229f30c1abee7b087d8a47651a718e8f518e44bf692e93577246522f2495ed28a5445b606fcbcd0a6e437436137680d96e1b4
SSDEEP: 24576:clFUFLBupBHAowv1mSf9XUaHn1Ii7yngGejJ3P4rnhkLrauL7dQlv:P6HA/1mSf97H1I+ygGeF3P4SraUQ
Static task: static1
Behavioral task: behavioral1
Sample: 23810a347a861458fbf36d28b952cfb818c25ec93472d563624a5899ab865d08.exe
Resource: win7-20220812-en
Malware Config
Targets
Executes dropped EXE
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Loads dropped DLL
Uses the VBS compiler for execution
Accesses Microsoft Outlook accounts
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext