General
Target: 41cacd0a1beb6dfefc7232166910ea87e447024361d26b03e1aba73df0b6f04f
Size: 1.2MB
Sample: 221128-pxvl3ade42
MD5: ceabbc90cd1582f1e9b6bebaea1684f1
SHA1: 600f41cb2a056208e1bf928440643f617478912b
SHA256: 41cacd0a1beb6dfefc7232166910ea87e447024361d26b03e1aba73df0b6f04f
SHA512: 666487dd5204b3a467f23bc874604b7984472856a696795cbb68988c98781b16cf92b425619290aeb1ac4d520d25b22cf83718e54a73616a979ea6da39e78f95
SSDEEP: 24576:E2a5a9gHSaExU8QGqpwI8qknngTkRuCdfKLtlsDbS4kfSgJ4VHa6:A5a9gHSNUjGqpN8HnttdifsDbS48SgJN
Static task: static1
Behavioral task: behavioral1
Sample: 41cacd0a1beb6dfefc7232166910ea87e447024361d26b03e1aba73df0b6f04f.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: 41cacd0a1beb6dfefc7232166910ea87e447024361d26b03e1aba73df0b6f04f.exe
Resource: win10v2004-20220812-en
Malware Config
Targets
Target: 41cacd0a1beb6dfefc7232166910ea87e447024361d26b03e1aba73df0b6f04f
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext