General
Target: c7f8049e5f6fb12cae4118af2097f9337d32e0134866fb9f0f606e492b1b253b
Size: 2.0MB
Sample: 221128-wvt13sag8w
MD5: 97be38c59938ec4fa566da5c776fea87
SHA1: 1f1c02b4134c757656062b8718ed9a91fc5db7db
SHA256: c7f8049e5f6fb12cae4118af2097f9337d32e0134866fb9f0f606e492b1b253b
SHA512: 06f82bba386c838e88a1e9c2585f92a4f939565cd1f380b7ae16e0fd7426999639d0fd517a9ad0a6d759a659d7e2b30a957c5159e871034c0fa1bcaf044fe126
SSDEEP: 49152:sMMMMMMMMMMMMMMMMMMMMMMMM9MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM3:sMMMMMMMMMMMMMMMMMMMMMMMM9MMMMM3
Static task: static1
Behavioral task: behavioral1
  Sample: c7f8049e5f6fb12cae4118af2097f9337d32e0134866fb9f0f606e492b1b253b.exe
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: c7f8049e5f6fb12cae4118af2097f9337d32e0134866fb9f0f606e492b1b253b.exe
  Resource: win10v2004-20220901-en
Malware Config
Targets
- Executes dropped EXE
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext