General
Target: 63f204b8435481126056af777f85462f0bdc4f5c40c850eeba1df60e56ab7868
Size: 1016KB
Sample: 221126-sc54vafc5z
MD5: 4fcf858d501c24cdb9b14dadc906f5c2
SHA1: d5cf9a07cbc8d1640db4a3d0cfcf6c38905ee104
SHA256: 63f204b8435481126056af777f85462f0bdc4f5c40c850eeba1df60e56ab7868
SHA512: 704a32765906226c442074c36159756d11db0020d407ca5b2c61f8b01926dd9c46919531450c9593c5bdfb10c269dfef4e8ff2c00ecf8e5f9432aacfba632878
SSDEEP: 24576:5yXqa5T1mYh3HZbalXpaQTJUOcsNQwIkWpD13q4UQ+dU:EBTfHZmlXpewQwIkWr3q41+d
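Before a sample from a report like this is pulled into an analysis pipeline it is worth confirming that the recorded identifiers agree with each other (the target id and the task filename are both the SHA256) and that the local copy actually hashes to the listed values. The following is an added example written for this page, not the sandbox's own code: the report values are copied from the listing above, while the `abc` test bytes and any file path passed on the command line are supplied by the reader and are not the sample.

```python
# Added example (not part of the sandbox report): check that the digests
# listed above are internally consistent, then verify a local copy of the
# sample against them. Report values are copied from the page; the demo
# bytes are constructed and are not the sample.
import hashlib
from typing import Dict, List

REPORT: Dict[str, str] = {
    "Target": "63f204b8435481126056af777f85462f0bdc4f5c40c850eeba1df60e56ab7868",
    "Size": "1016KB",
    "Sample": "221126-sc54vafc5z",
    "MD5": "4fcf858d501c24cdb9b14dadc906f5c2",
    "SHA1": "d5cf9a07cbc8d1640db4a3d0cfcf6c38905ee104",
    "SHA256": "63f204b8435481126056af777f85462f0bdc4f5c40c850eeba1df60e56ab7868",
    "SHA512": "704a32765906226c442074c36159756d11db0020d407ca5b2c61f8b01926dd9c"
              "46919531450c9593c5bdfb10c269dfef4e8ff2c00ecf8e5f9432aacfba632878",
}
# Filename used by the behavioral tasks in the report.
SAMPLE_FILENAME = "63f204b8435481126056af777f85462f0bdc4f5c40c850eeba1df60e56ab7868.exe"

HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
HEX_DIGITS = set("0123456789abcdef")


def consistency_errors(report: Dict[str, str], filename: str) -> List[str]:
    """Problems a tampered or mis-transcribed report would show; empty if clean."""
    errs: List[str] = []
    for algo, n in HEX_LEN.items():
        v = report.get(algo, "")
        if len(v) != n or not set(v) <= HEX_DIGITS:
            errs.append(f"{algo} is not {n} lowercase hex characters")
    if report.get("Target") != report.get("SHA256"):
        errs.append("Target identifier differs from SHA256")
    if filename != report.get("SHA256", "") + ".exe":
        errs.append("task sample filename is not SHA256 + .exe")
    return errs


def digests(data: bytes) -> Dict[str, str]:
    """The four digests the report records, for an in-memory buffer."""
    return {
        "MD5": hashlib.md5(data).hexdigest(),
        "SHA1": hashlib.sha1(data).hexdigest(),
        "SHA256": hashlib.sha256(data).hexdigest(),
        "SHA512": hashlib.sha512(data).hexdigest(),
    }


def file_digests(path: str, chunk: int = 1 << 20) -> Dict[str, str]:
    """Same four digests, streamed so a large sample is not read at once."""
    hashers = {a: hashlib.new(a.lower()) for a in HEX_LEN}
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {a: h.hexdigest() for a, h in hashers.items()}


def mismatches(actual: Dict[str, str], report: Dict[str, str]) -> List[str]:
    """Algorithms whose computed digest differs from the report, sorted by name."""
    return sorted(a for a in HEX_LEN if actual[a] != report.get(a))


if __name__ == "__main__":
    import sys
    print("report consistency:", consistency_errors(REPORT, SAMPLE_FILENAME) or "ok")
    if len(sys.argv) > 1:
        bad = mismatches(file_digests(sys.argv[1]), REPORT)
        print("digest mismatches:", bad or "none; file matches the report")
```

Run it with the path of the downloaded sample as the only argument; any algorithm named in the mismatch list means the file on disk is not the one the sandbox analysed.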
Static task: static1
Behavioral task: behavioral1
  Sample: 63f204b8435481126056af777f85462f0bdc4f5c40c850eeba1df60e56ab7868.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 63f204b8435481126056af777f85462f0bdc4f5c40c850eeba1df60e56ab7868.exe
  Resource: win10v2004-20221111-en
Malware Config
Targets
Target: 63f204b8435481126056af777f85462f0bdc4f5c40c850eeba1df60e56ab7868 (1016KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Executes dropped EXE
Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
Loads dropped DLL
Uses the VBS compiler for execution
Accesses Microsoft Outlook accounts
Adds Run key to start application
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext
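The behaviours flagged above map naturally onto rules over endpoint telemetry, which is how a practitioner would turn this report into a hunt. The following is an added example written for this page, not the sandbox's own detection logic: it runs eight rules, one per signature listed, over a constructed Sysmon-style event stream. Everything specific in the rules is an assumption of the example and is not stated by the report: the registry keys (Geo\Nation for the location check, Office\<version>\Outlook\Profiles for the Outlook rule, CurrentVersion\Run for persistence), the reading of "VBS compiler" as the .NET Visual Basic compiler vbc.exe, the cross-process SetThreadContext heuristic, and the placeholder IP-lookup host name.

```python
# Added example: rules that map the eight sandbox signature names onto
# constructed Sysmon-style events. Not the sandbox's own logic; the keys,
# hosts and heuristics below are assumptions and are marked as such.
import re
from dataclasses import dataclass
from typing import Callable, Iterable, List, Set, Tuple


@dataclass(frozen=True)
class Event:
    kind: str         # file_write | process | image_load | reg_read | reg_write | dns | api
    proc: str         # image name of the acting process
    detail: str       # path, registry key, host name or API name, depending on kind
    target: str = ""  # for kind == "api": the process the call acted on


SAMPLE = "63f204b8435481126056af777f85462f0bdc4f5c40c850eeba1df60e56ab7868.exe"

# Assumed placeholder for IP-lookup services; a real deployment lists actual hosts.
IP_LOOKUP_HOSTS: Set[str] = {"ip-lookup.example"}

# Constructed event stream (not recorded by the sandbox), one trigger per signature.
EVENTS: List[Event] = [
    Event("file_write", SAMPLE, r"C:\Users\user\AppData\Local\Temp\stage2.exe"),
    Event("process", SAMPLE, r"C:\Users\user\AppData\Local\Temp\stage2.exe"),
    Event("reg_read", "stage2.exe", r"HKCU\Control Panel\International\Geo\Nation"),
    Event("file_write", "stage2.exe", r"C:\Users\user\AppData\Local\Temp\helper.dll"),
    Event("image_load", "stage2.exe", r"C:\Users\user\AppData\Local\Temp\helper.dll"),
    Event("process", "stage2.exe", r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"),
    Event("reg_read", "stage2.exe", r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"),
    Event("reg_write", "stage2.exe", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"),
    Event("dns", "stage2.exe", "ip-lookup.example"),
    Event("api", "stage2.exe", "SetThreadContext", target="vbc.exe"),
]


def _dropped(events: Iterable[Event], ext: str) -> Set[str]:
    """Lower-cased paths written during the run that end in `ext`."""
    return {e.detail.lower() for e in events
            if e.kind == "file_write" and e.detail.lower().endswith(ext)}


def executes_dropped_exe(ev: List[Event]) -> bool:
    return any(e.kind == "process" and e.detail.lower() in _dropped(ev, ".exe") for e in ev)


def checks_location(ev: List[Event]) -> bool:
    # Assumption: the Windows GeoID key; the report does not name the key it saw.
    return any(e.kind == "reg_read" and e.detail.lower().endswith(r"\international\geo\nation")
               for e in ev)


def loads_dropped_dll(ev: List[Event]) -> bool:
    return any(e.kind == "image_load" and e.detail.lower() in _dropped(ev, ".dll") for e in ev)


def uses_vb_compiler(ev: List[Event]) -> bool:
    # Assumption: "VBS compiler" refers to the .NET Visual Basic compiler vbc.exe.
    return any(e.kind == "process" and e.detail.lower().endswith("\\vbc.exe") for e in ev)


def reads_outlook_profiles(ev: List[Event]) -> bool:
    # Assumption: Outlook account data lives under Office\<version>\Outlook\Profiles.
    pat = re.compile(r"\\office\\[^\\]+\\outlook\\profiles")
    return any(e.kind == "reg_read" and pat.search(e.detail.lower()) for e in ev)


def adds_run_key(ev: List[Event]) -> bool:
    return any(e.kind == "reg_write" and "\\currentversion\\run\\" in e.detail.lower() for e in ev)


def external_ip_lookup(ev: List[Event]) -> bool:
    return any(e.kind == "dns" and e.detail.lower() in IP_LOOKUP_HOSTS for e in ev)


def cross_process_setthreadcontext(ev: List[Event]) -> bool:
    # Heuristic: SetThreadContext aimed at a thread in another process, as in hollowing.
    return any(e.kind == "api" and e.detail == "SetThreadContext"
               and e.target and e.target.lower() != e.proc.lower() for e in ev)


RULES: List[Tuple[str, Callable[[List[Event]], bool]]] = [
    ("Executes dropped EXE", executes_dropped_exe),
    ("Checks computer location settings", checks_location),
    ("Loads dropped DLL", loads_dropped_dll),
    ("Uses the VBS compiler for execution", uses_vb_compiler),
    ("Accesses Microsoft Outlook accounts", reads_outlook_profiles),
    ("Adds Run key to start application", adds_run_key),
    ("Looks up external IP address via web service", external_ip_lookup),
    ("Suspicious use of SetThreadContext", cross_process_setthreadcontext),
]


def matched_signatures(ev: List[Event]) -> List[str]:
    """Signature names whose rule fires, in the order the report lists them."""
    return [name for name, rule in RULES if rule(ev)]


if __name__ == "__main__":
    for name in matched_signatures(EVENTS):
        print(name)
```

Each rule is deliberately narrow: the dropped-EXE and dropped-DLL rules correlate a file write with a later execution or image load of the same path rather than alerting on either alone, and the SetThreadContext rule only fires when the caller and the target differ, since same-process use is common in legitimate debuggers and runtimes.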