General
- Target: d07c52e76e70f10941d294fbf9cbb34fcb3097d1a0a3d3c9d5f216b3b0a83462
- Size: 1.4MB
- Sample: 221126-kkr8ysaa8z
- MD5: da07bd9468f54a1b6b2e0ef10af1055d
- SHA1: e92509af85492c6ac6f9c9713ae4be8c129cfb81
- SHA256: d07c52e76e70f10941d294fbf9cbb34fcb3097d1a0a3d3c9d5f216b3b0a83462
- SHA512: 036478fe9143a55ac12db163d7edf76b1c2dfc4f701d83cea1d99c010faa4300620da62e01326ff8113cbc903f65c2c0013b91edae944e5fb223f2d9a831a1e6
- SSDEEP: 24576:1NrVMor2JF195R3LrLiMrdbWEDdfRp4/53XUn1Qk3Pc29x+GQX8LsBLli:1PrAbvR3LiMrj5fROh3U1tBx+GA8L8U
Static task
- static1
Behavioral task
- behavioral1: Sample d07c52e76e70f10941d294fbf9cbb34fcb3097d1a0a3d3c9d5f216b3b0a83462.exe, Resource win7-20220812-en
- behavioral2: Sample d07c52e76e70f10941d294fbf9cbb34fcb3097d1a0a3d3c9d5f216b3b0a83462.exe, Resource win10v2004-20220812-en
Malware Config
Targets
- Target: d07c52e76e70f10941d294fbf9cbb34fcb3097d1a0a3d3c9d5f216b3b0a83462
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry: disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext