General
Target: 5c0982788147e5baaf956a522facb8c0b88c4608d5e199526f4125c43924d194
Size: 1.1MB
Sample: 221128-wecf4ahd7w
MD5: 36d0c2908620bdfe773f4fc6e419aae8
SHA1: 1a41c284bfc185f3bc49c57370d6712276de7559
SHA256: 5c0982788147e5baaf956a522facb8c0b88c4608d5e199526f4125c43924d194
SHA512: ae75ec1f231780007f4596aadaf0e54193bdc4ed222d4dabaed0c8b595aebe4d4273cf93ae30d7af95cd2fa3f9e17ec155bc2e8a38844ab07ff428a75c0533d2
SSDEEP: 24576:XkLTkXBwWja4SlukeeKL0xJaqT//aqT8E94Tf3C:Ux6
Static task: static1
Behavioral task: behavioral1
Sample: 5c0982788147e5baaf956a522facb8c0b88c4608d5e199526f4125c43924d194.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: 5c0982788147e5baaf956a522facb8c0b88c4608d5e199526f4125c43924d194.exe
Resource: win10v2004-20221111-en
Malware Config
Targets
Target: 5c0982788147e5baaf956a522facb8c0b88c4608d5e199526f4125c43924d194 (size and hashes as listed under General)
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext