General
Target: tmp
Size: 696KB
Sample: 221126-pg5gbsfe31
MD5: 07205206a527ceb42ff33e18897d3b01
SHA1: abe1605c002d6fea1f1cc3d18003e21d8e1ead84
SHA256: df240dd59b12cc79fd1afcbae82d36ba57cff186f18991a69fd42d1ef4639208
SHA512: 9f8046acfcf5f680055e7dc92e96353a42934ed73e8278d7ad8d55821e2107df84759bb4cde3b7f9e89aa0f2c0a774ef0219dcdccec92c9baffd2925d19b8652
SSDEEP: 12288:iONJgh/PsZ1DX/VDJ3YM16h7MeQhlELG2NKPh6M5RC7:i+Jgh/PWn7oG2UoM5K
Static task: static1
Behavioral task: behavioral1
Sample: tmp.exe
Resource: win7-20221111-en
Malware Config
Extracted: formbook
8hj6
Targets
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext