General
- Target: 76348dfc3a7f633511e4e41952b312af1a8c69375b2ddd244c9dc8c97fef1c92
- Size: 1.6MB
- Sample: 221128-sld2qagf41
- MD5: 22c58cde1f5c19593a4422d587191d7a
- SHA1: 745640178f53981d956ee556e62ae142b7563ea3
- SHA256: 76348dfc3a7f633511e4e41952b312af1a8c69375b2ddd244c9dc8c97fef1c92
- SHA512: 59bb4e154f2407bc5865ca118908d4f35db987d0e533715978a75d09a0f73c0792a655bc872fd0d2a669445159b0b3c60af1a65975b3af98ee5a536bcf2b5d73
- SSDEEP: 49152:kqUiO+OQnwA1j7LLPL7Oh9wNlckfqhN+RtV6h:DUxendfj3YockmMXV6
Static task
- static1

Behavioral task
- behavioral1
- Sample: 76348dfc3a7f633511e4e41952b312af1a8c69375b2ddd244c9dc8c97fef1c92.exe
- Resource: win7-20221111-en

Behavioral task
- behavioral2
- Sample: 76348dfc3a7f633511e4e41952b312af1a8c69375b2ddd244c9dc8c97fef1c92.exe
- Resource: win10v2004-20220812-en
Malware Config

Targets
- Target: 76348dfc3a7f633511e4e41952b312af1a8c69375b2ddd244c9dc8c97fef1c92 (1.6MB; same MD5/SHA1/SHA256/SHA512/SSDEEP as listed under General)
Signatures
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext