General
-
Target
7765f79c31ac9fb10bc37a24b769738c61d2f562b0758c3a0a4ebe176ae0d7de
-
Size
612KB
-
Sample
221128-ns3ansfb8x
-
MD5
22e87999f93e9368b2272cdd49cf49d7
-
SHA1
68addbfad46359c58eb68dad524db6294838e02a
-
SHA256
7765f79c31ac9fb10bc37a24b769738c61d2f562b0758c3a0a4ebe176ae0d7de
-
SHA512
4fff863181463b78b11523eda50ef67b80ae0964996fe4660db31fafa22f5a203551dbd15836534c3c426d2351ca6038a0d1eaeb1833b03c2ca9eefaff00e3e6
-
SSDEEP
12288:TMF/qkQz5Vj+OMR8HnTgLJuAliyJ5/wd8ln4R0tW1cPOVk:IFvS68HnTgL4yD/wzR0uc
Static task
static1
Behavioral task
behavioral1
Sample
7765f79c31ac9fb10bc37a24b769738c61d2f562b0758c3a0a4ebe176ae0d7de.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
7765f79c31ac9fb10bc37a24b769738c61d2f562b0758c3a0a4ebe176ae0d7de.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-