General
Target: payment_copy4_receipt.exe
Size: 535KB
Sample ID: 221128-17ybgshc42
MD5: 9c00e5d71c6c53c475e416ce9a99c09f
SHA1: 2b38c81029cd53a3bb8d6c250f67d77b4f7b565d
SHA256: f1c30b378d3eef6e701672f8af445260991df54f18a922ef13759c83e64386da
SHA512: 9b4970b6669fb196ed9ca6f906c94e0e7d417dbb87e96a513cd75d01514035ce479aa94f0c7fcd50cd66a6a2b00555723af4432192c117a5836f6c456d5ab2c4
SSDEEP: 6144:lBnlWGbq9Dey0ua8QMaDeQ0mjqKzu6ueVivo3+QivOqN:w9aeErDaylRuuIJvD
Static task: static1
Behavioral task: behavioral1
Sample: payment_copy4_receipt.exe
Resource: win7-20221111-en
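To confirm that a file in hand is the sample this report describes, the following Python script (an added example, not part of the sandbox report or the sandbox's own tooling) streams the file once, computes the four digests listed above and compares each one to the report's values. Only the hash values come from the report; the file path argument, the chunk size and the verdict wording are the example's own assumptions.

```python
"""Verify a file against the digests a sandbox report lists.

Added example, not part of the sandbox report. The file is read once and all
four digests are updated from the same chunks, then each is compared to the
report. A lone MD5 (or SHA-1) match is never trusted on its own: both are
collision-prone, so the verdict requires every listed algorithm to agree.
"""
import hashlib

# Digest values copied from the report's General section.
REPORTED_DIGESTS = {
    "md5": "9c00e5d71c6c53c475e416ce9a99c09f",
    "sha1": "2b38c81029cd53a3bb8d6c250f67d77b4f7b565d",
    "sha256": "f1c30b378d3eef6e701672f8af445260991df54f18a922ef13759c83e64386da",
    "sha512": "9b4970b6669fb196ed9ca6f906c94e0e7d417dbb87e96a513cd75d01514035ce"
              "479aa94f0c7fcd50cd66a6a2b00555723af4432192c117a5836f6c456d5ab2c4",
}


def digest_bytes(chunks):
    """Compute md5/sha1/sha256/sha512 over an iterable of byte chunks in one pass."""
    hashers = {name: hashlib.new(name) for name in REPORTED_DIGESTS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_file(path, chunk_size=1 << 20):
    """Stream a file through digest_bytes() so large samples never sit in memory at once."""
    def chunks():
        with open(path, "rb") as f:
            while True:
                block = f.read(chunk_size)
                if not block:
                    return
                yield block
    return digest_bytes(chunks())


def compare(observed, expected=REPORTED_DIGESTS):
    """Return {algorithm: matched}. Both sides are lowercased so pasted uppercase hex still matches."""
    return {name: observed[name].lower() == expected[name].lower() for name in expected}


def verdict(matches):
    """Collapse per-algorithm results into one decision.

    Full agreement means the file is the sample. No agreement means a different
    file. Partial agreement is itself a finding: an MD5-only match may be a
    chosen-prefix collision, a SHA-256-only mismatch usually means a
    transcription error in the report values.
    """
    if all(matches.values()):
        return "match"
    if not any(matches.values()):
        return "different file"
    return "partial match: investigate"


if __name__ == "__main__":
    import sys
    observed = digest_file(sys.argv[1])          # assumed usage: script.py <file>
    matches = compare(observed)
    for name, ok in matches.items():
        print(f"{name:7} {'OK ' if ok else 'BAD'} {observed[name]}")
    print(verdict(matches))
```

The reported size (535KB) is rounded and is deliberately not checked; the SSDEEP value needs the ssdeep library and is only useful for near-match triage, not for identity, so it is left out too.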
Malware Config
Extracted
Family: formbook
Campaign ID: veh0
Decoy list (64 entries, in the encoded form the extractor emitted):
eulOjQZkipo8
QwbusPrEgpY4
wa2T8+F5rPaBwA==
pHqtrZbvmnkn
FofuGpY05AV1GXzK
QzOsho4z81BsDSpsVf4=
M7qvjwRJ9Uh9sjUPKjJhQHSPC95K0Mb3vQ==
RpDcjMjmrPaBwA==
DnavFlx/AnqVWGkqQw5YGE2yhnrr
fXToBli75WjZUWTwfg==
C+zIIgw1oRGbvqpcfiRFw+MQNA==
a7STeCtyL/CDTAp26zFXE7DXKQ==
DIbpI4a5R7OdZsE=
DoDgGKtSGd1qeqA59V1sAPqn0uBEjCo=
ZfDZ6qHkgbzS75ebtUeUKBg=
miCSMfAn3B8xP8LXw94C
L/zGMQOscy3C0Ox24IGsxQ==
rPlWqyNf+Q/FflzeWXbHY5qx
aDRsdSnOrAu32Q==
tTKuCn+pT5y4wzVmA07fcoyo
kN0SlFl2H7OdZsE=
rQ47tnWpcrzDYZGiuoemp+dDhY72
Rp7NDpPYg7m807dZyGOiwQ==
HopoY6LZj0K/UhOeFl6sfI+kRDQt2bZY
MRlKSouXEnbQVqDMG/c=
elrCjG+HB6VKaY1C/E7fcoyo
DfYsCxq8t8NCbNY=
wqrcrCNtIWlvGCpsVf4=
QcK5wv839sRW9J4WxVWgV8zSIw==
6OrhaRtOEGKWvSpsVf4=
QBxX+QOfUK/HipFALp4CQ6/4E4Y=
UjxtLChv9WPdtd2HdQ==
a70Wv+KEN5KrOhza5EpZE7DXKQ==
NIDn8SWqrPaBwA==
BtgK0cf/iBSLQAyC0Ize3A==
bLVSo9wOswRyA6qbKqn5dtalPGqoaw==
Vt42pudKSRHB3Q==
ypn4w7LZjO2RwQ==
PaDPM3WaJcl3d6WXtUeUKBg=
O8S4ohZ0pa08
W8b4N6/sd5nD4ISOSGeYyw==
1k6t528S06FQVEx6jmmSqRA=
1LsPMYCuM7ZCQYnmfQ==
VtLD0Q5BGy7PRwbiEfY=
SyyTeahERCnT1w==
X8IYXOBlJgWxzvJwEniQJwqljSlikyI=
vKjejMYcwQE=
MnytKeMZySFWy11dTPw=
K7gGlLfkVfaszOV00Ize3A==
srmi8Hyci3Al
HvheLBIqlyKxxLEWylSeV8zSIw==
Lb+qhprRfiawxOl30Ize3A==
ePw7dfyrmqdeQYnmfQ==
YT2HNyGoZaKmSimqCNIl/CS4qyxRkgxSpg==
3lhff7TYc/pnH+h10Ize3A==
ZUlA2AizpDt2LHSEtEeUKBg=
W0x8cbzirPaBwA==
00lQZKnOrPaBwA==
fkqAQUF4+4LvqnLXw94C
9mTB9l2FHXaRIP7G4EeUKBg=
MLL+bxcu3FBsDSpsVf4=
93vaEGV8JLOdZsE=
8cHwtyBPu8BlIZ+EtEeUKBg=
rw3o/a1YGdBSSzHZyUqbV8zSIw==
Domain: projectlis.online (the only plaintext network indicator in the extracted config)
Targets
Target: payment_copy4_receipt.exe (535KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Signatures:
Executes dropped EXE
Checks computer location settings: looks up the country code configured in the registry, likely a geofence check. If the sample does bail out for some locales, a sandbox configured with the wrong locale can show no payload activity at all, so a quiet run is not evidence that the file is benign.
Loads dropped DLL
Suspicious use of SetThreadContext: SetThreadContext was called on a thread that belongs to another process. Rewriting another process's thread context is the step that redirects execution into injected code once a remote or hollowed process has been written to, which is why it is flagged.
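The geofence lookup and the cross-process SetThreadContext signatures above describe behaviour that can be checked against an API trace. The following Python script is an added example, not the sandbox's own signature engine and not taken from the report: it defines a constructed trace format (pid, API name, key=value arguments; the pids, paths, addresses and the explorer.exe target in the sample trace are made up for the example) and implements both checks over it, grouping the SetThreadContext hits into the CreateProcess(CREATE_SUSPENDED) -> WriteProcessMemory -> SetThreadContext -> ResumeThread chain that process hollowing produces.

```python
"""Triage two behavioral signatures over an API-call trace.

Added example, not part of the sandbox report. The trace format and every
line in SAMPLE_TRACE are constructed for this example; real sandbox exports
use their own layout, so adapt parse_line() before pointing this at one.
"""
import re
from collections import defaultdict

# Constructed trace: "<pid> <api> key=value ...". Backslashes are doubled only
# because this is a Python string literal; the parsed values hold single ones.
SAMPLE_TRACE = """\
1204 RegOpenKeyExW key=HKCU\\Control Panel\\International\\Geo
1204 RegQueryValueExW key=HKCU\\Control Panel\\International\\Geo value=Nation
1204 CreateProcessW image=C:\\Windows\\explorer.exe flags=0x4 child_pid=3320 child_tid=3324
1204 WriteProcessMemory target_pid=3320 address=0x400000 size=229376
1204 SetThreadContext target_pid=3320 tid=3324
1204 ResumeThread target_pid=3320 tid=3324
2001 SetThreadContext target_pid=2001 tid=2005
"""

# Per-user GeoID key: HKCU\Control Panel\International\Geo (values Nation, Name).
GEO_KEY = re.compile(r"control panel\\international\\geo", re.IGNORECASE)
CREATE_SUSPENDED = 0x4                      # CreateProcess dwCreationFlags bit
# key=value pairs whose values may contain spaces (registry paths, image paths).
ARG_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")


def parse_line(line):
    """Return (pid, api, {arg: value}) for one trace line, or None for a blank line."""
    line = line.strip()
    if not line:
        return None
    head = line.split(maxsplit=2)
    pid, api = int(head[0]), head[1]
    rest = head[2] if len(head) == 3 else ""
    return pid, api, dict(ARG_RE.findall(rest))


def geofence_lookups(events):
    """Registry accesses to the GeoID key: the 'Checks computer location settings' signature."""
    return [(pid, api, args.get("value"))
            for pid, api, args in events
            if api.startswith("Reg") and GEO_KEY.search(args.get("key", ""))]


def cross_process_set_thread_context(events):
    """SetThreadContext calls aimed at another process: the core of the
    'Suspicious use of SetThreadContext' signature. A process setting the
    context of its own threads is normal and is not reported."""
    return [(pid, int(args["target_pid"]), int(args["tid"]))
            for pid, api, args in events
            if api == "SetThreadContext" and int(args.get("target_pid", pid)) != pid]


def hollowing_chains(events):
    """Group the classic injection sequence per child pid and report which
    steps were seen. Only children that received SetThreadContext are returned."""
    chains = defaultdict(lambda: {"suspended_create": False, "write_memory": False,
                                  "set_thread_context": False, "resume_thread": False})
    for pid, api, args in events:
        if api.startswith("CreateProcess") and "child_pid" in args:
            if int(args.get("flags", "0"), 16) & CREATE_SUSPENDED:
                chains[int(args["child_pid"])]["suspended_create"] = True
        target = args.get("target_pid")
        if target is None or int(target) == pid:
            continue                        # no remote target, nothing to chain
        target = int(target)
        if api == "WriteProcessMemory":
            chains[target]["write_memory"] = True
        elif api == "SetThreadContext":
            chains[target]["set_thread_context"] = True
        elif api == "ResumeThread":
            chains[target]["resume_thread"] = True
    return {child: steps for child, steps in chains.items() if steps["set_thread_context"]}


def triage(trace):
    """Evaluate the trace and return one boolean per signature."""
    events = [e for e in (parse_line(l) for l in trace.splitlines()) if e]
    chains = hollowing_chains(events)
    return {
        "checks_computer_location_settings": bool(geofence_lookups(events)),
        "suspicious_use_of_setthreadcontext": bool(cross_process_set_thread_context(events)),
        "process_hollowing_chain_complete": any(all(s.values()) for s in chains.values()),
    }


if __name__ == "__main__":
    for name, fired in triage(SAMPLE_TRACE).items():
        print(f"{name:40} {fired}")
```

The geofence detector only records that the key was read; whether the sample then stops for some countries is the "likely" in the report's wording and needs a run with the locale changed to settle. The chain grouping is stricter than the sandbox's single-call signature on purpose: a complete chain is what an analyst wants before calling it hollowing, while a lone cross-process SetThreadContext still deserves a look.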