General
Target: ad32f22bde25453f1ac5956c8c46a7f04218b239e816790dae4d0a0a69c9f01a
Size: 394KB
Sample: 221128-fb2c2sbd5z
MD5: 7a35101aad6d97ec448aeae1c4ce23ba
SHA1: 49b5ff89c61620328f2cb4b77319dc85b1460997
SHA256: ad32f22bde25453f1ac5956c8c46a7f04218b239e816790dae4d0a0a69c9f01a
SHA512: 61d60b11d3166cfa83d6021545b833c696f0e622b4820f54b27f2d9d3e9406b60ad6f266c006820bfe4523267e893da8067d8a89467b7765728b7383ddec811c
SSDEEP: 6144:/XklIFkOBUXUlhtsN8LsCUDJk7lymC+xiz+TLJ2edKOVVdk3VMLF9Hlgd/J7SvL5:BUEloN8gNDePVxiK2uKqklUDlSRkL5
Static task: static1
Behavioral task: behavioral1
Sample: ad32f22bde25453f1ac5956c8c46a7f04218b239e816790dae4d0a0a69c9f01a.exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: ad32f22bde25453f1ac5956c8c46a7f04218b239e816790dae4d0a0a69c9f01a.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted from: C:\$Recycle.Bin\S-1-5-21-4063495947-34355257-727531523-1000\RECOVERmvgvu.txt
http://kkr4hbwdklf234bfl84uoqleflqwrfqwuelfh.brazabaya.com/D5C7915318EBBA4
http://974gfbjhb23hbfkyfaby3byqlyuebvly5q254y.mendilobo.com/D5C7915318EBBA4
http://a64gfdsjhb4htbiwaysbdvukyft5q.zobodine.at/D5C7915318EBBA4
http://k7tlx3ghr3m4n2tu.onion/D5C7915318EBBA4
Extracted from: C:\$Recycle.Bin\S-1-5-21-2891029575-1462575-1165213807-1000\RECOVERfysqm.txt
http://kkr4hbwdklf234bfl84uoqleflqwrfqwuelfh.brazabaya.com/D48285AC525BFFD
http://974gfbjhb23hbfkyfaby3byqlyuebvly5q254y.mendilobo.com/D48285AC525BFFD
http://a64gfdsjhb4htbiwaysbdvukyft5q.zobodine.at/D48285AC525BFFD
http://k7tlx3ghr3m4n2tu.onion/D48285AC525BFFD
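The two extractions above are one configuration recovered from two dropped RECOVER*.txt files (which read as ransom notes given the per-victim payment URLs), each carrying its own 15-hex-digit victim ID in the URL path. The Python below is an added example, not part of the sandbox report or of the sample: it parses that block into an IOC set (hostnames, registered domains, the .onion address, victim IDs), checks that every URL attached to one note shares a single ID, and gives a file-path check for the note drop. The input is the report's own paths and URLs; the regexes, the function names and the generalisation of the note name to RECOVER plus five lowercase letters are this example's assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed input: the two "Extracted" entries from the report, copied verbatim.
EXTRACTED_CONFIG = r"""
C:\$Recycle.Bin\S-1-5-21-4063495947-34355257-727531523-1000\RECOVERmvgvu.txt
http://kkr4hbwdklf234bfl84uoqleflqwrfqwuelfh.brazabaya.com/D5C7915318EBBA4
http://974gfbjhb23hbfkyfaby3byqlyuebvly5q254y.mendilobo.com/D5C7915318EBBA4
http://a64gfdsjhb4htbiwaysbdvukyft5q.zobodine.at/D5C7915318EBBA4
http://k7tlx3ghr3m4n2tu.onion/D5C7915318EBBA4
C:\$Recycle.Bin\S-1-5-21-2891029575-1462575-1165213807-1000\RECOVERfysqm.txt
http://kkr4hbwdklf234bfl84uoqleflqwrfqwuelfh.brazabaya.com/D48285AC525BFFD
http://974gfbjhb23hbfkyfaby3byqlyuebvly5q254y.mendilobo.com/D48285AC525BFFD
http://a64gfdsjhb4htbiwaysbdvukyft5q.zobodine.at/D48285AC525BFFD
http://k7tlx3ghr3m4n2tu.onion/D48285AC525BFFD
"""

# Note drop path as seen in both extractions: the per-user $Recycle.Bin folder
# (named by the user's SID) plus RECOVER + five lowercase letters + .txt.
# The 5-letter suffix is generalised from the two observed names (mvgvu, fysqm);
# that generalisation is this example's assumption, not something the report states.
NOTE_PATH_RE = re.compile(
    r"^[A-Za-z]:\\\$Recycle\.Bin\\(S-1-5-21-\d+-\d+-\d+-\d+)\\(RECOVER[a-z]{5}\.txt)$",
    re.IGNORECASE,
)
# Both observed URL paths are 15 upper-case hex digits.
VICTIM_ID_RE = re.compile(r"^[0-9A-F]{15}$")


def parse_extracted(text):
    """Group each note path with the URLs that follow it in the config dump."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = NOTE_PATH_RE.match(line)
        if m:
            records.append({"sid": m.group(1), "note": m.group(2), "urls": []})
        elif line.lower().startswith("http"):
            if not records:
                raise ValueError("URL before any note path: %s" % line)
            records[-1]["urls"].append(line)
        else:
            raise ValueError("unrecognised config line: %s" % line)
    return records


def victim_id(url):
    """Return the per-victim ID carried in the URL path, or fail loudly."""
    path = urlsplit(url).path.strip("/")
    if not VICTIM_ID_RE.match(path):
        raise ValueError("unexpected URL path: %s" % url)
    return path


def summarise(records):
    """Collapse the records into an IOC set and sanity-check the victim IDs."""
    hosts, domains, onions, ids = set(), set(), set(), []
    for rec in records:
        rec_ids = {victim_id(u) for u in rec["urls"]}
        if len(rec_ids) != 1:
            raise ValueError("mixed victim IDs in one note: %r" % rec_ids)
        ids.append(rec_ids.pop())
        for u in rec["urls"]:
            host = urlsplit(u).hostname
            hosts.add(host)
            if host.endswith(".onion"):
                onions.add(host)
            else:
                # Block or sinkhole at the registered domain: the long leading
                # label varies per URL, the two-label suffix is what the operator owns.
                domains.add(".".join(host.split(".")[-2:]))
    return {
        "hosts": sorted(hosts),
        "registered_domains": sorted(domains),
        "onion": sorted(onions),
        "victim_ids": ids,
        "note_names": [r["note"] for r in records],
    }


def is_ransom_note_path(path):
    """File-create detection: True for a RECOVER note dropped into $Recycle.Bin."""
    return NOTE_PATH_RE.match(path) is not None


if __name__ == "__main__":
    for key, value in summarise(parse_extracted(EXTRACTED_CONFIG)).items():
        print(f"{key}: {value}")
```

The registered-domain split assumes the two-label suffix is the registrable part, which holds for the .com and .at names here but would need a public-suffix list for multi-label TLDs. The per-victim ID check is the useful part for triage: a note whose four URLs disagree on the ID would indicate either a parsing error or a different sample than the one reported.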
Targets
Target: ad32f22bde25453f1ac5956c8c46a7f04218b239e816790dae4d0a0a69c9f01a
Score: 10/10
- Executes dropped EXE
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext