General
-
Target
SecuriteInfo.com.Trojan.NSISX.Spy.Gen.24.29757.14304.exe
-
Size
254KB
-
Sample
221130-cy6dqsdd7w
-
MD5
2832483a7a311902ae9fa5d7b6cf6eda
-
SHA1
cebd82649420adacb8a382665f175d479c8655af
-
SHA256
9fef2569a2570b70806120838c82b6012d36790205c82254b848ec862005ec3a
-
SHA512
652a448d43b5e7eda69018eedb17297f963eb771606096413fb1b7ee4f7b4da35c80e1aebcacf1954456267e23a1507b08a3a35bb318c4573b492c3a867d7f50
-
SSDEEP
6144:LBnbpM4DXtWFfsHj8DANpiTGgfKxtQD+R075MLx0r:FpTDXmsHlNpYGgwt3R0leU
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Trojan.NSISX.Spy.Gen.24.29757.14304.exe
Resource
win7-20220901-en
Malware Config
Extracted
formbook
k6n9
api2022.top
Targets
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-