General
-
Target
6a287290942d279952fa0ff4b6cc239e3e4122b24d81105f2207ada9b203b640
-
Size
449KB
-
Sample
221126-z19v9sec96
-
MD5
205d5d949e8f30087b6c4627976305a7
-
SHA1
6057323edd66c094604160ffc5c5dda6720084a5
-
SHA256
6a287290942d279952fa0ff4b6cc239e3e4122b24d81105f2207ada9b203b640
-
SHA512
b4510659794d40c7764eab3a0e2c235349e7b2123812d233c21fabe6d42a700a9d9451964b97af9007d3fab33f946ab285e963b3b94b2736a353a24928f76d26
-
SSDEEP
6144:PwhRhJY9Xmu9OaAA/5gpPVBtNpMGS/l8QJCUN:4LJY9Xm6L5MLpM5/lVTN
Static task
static1
Behavioral task
behavioral1
Sample
6a287290942d279952fa0ff4b6cc239e3e4122b24d81105f2207ada9b203b640.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
6a287290942d279952fa0ff4b6cc239e3e4122b24d81105f2207ada9b203b640.exe
Resource
win10v2004-20220901-en
Malware Config
Targets
-
-
Target
6a287290942d279952fa0ff4b6cc239e3e4122b24d81105f2207ada9b203b640
-
Size
449KB
-
MD5
205d5d949e8f30087b6c4627976305a7
-
SHA1
6057323edd66c094604160ffc5c5dda6720084a5
-
SHA256
6a287290942d279952fa0ff4b6cc239e3e4122b24d81105f2207ada9b203b640
-
SHA512
b4510659794d40c7764eab3a0e2c235349e7b2123812d233c21fabe6d42a700a9d9451964b97af9007d3fab33f946ab285e963b3b94b2736a353a24928f76d26
-
SSDEEP
6144:PwhRhJY9Xmu9OaAA/5gpPVBtNpMGS/l8QJCUN:4LJY9Xm6L5MLpM5/lVTN
Score8/10-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-