General
-
Target
ewe.exe
-
Size
947KB
-
Sample
221130-gesezseh4z
-
MD5
b39bb6d5236d059f15e0c303119ac2ac
-
SHA1
169bbde66c91ec403e5378e3af49b7e038739a59
-
SHA256
bab8c0c9b3c3cebaa6f32565eadd1733308973fade84142c07bb1d5608fc6a0c
-
SHA512
c64992edf997a67981a1a8fa59176c1b8430668f31f86af546196e2944e477e8ff89ea298ccbc9b0cd4e7e5b5fd40f4f616b838c6e75e493854c5af6a545183c
-
SSDEEP
6144:CE0WCLnQX46PiAdNF5miUfnKk7gDaKIUzjmVqJE9/UxaGHXvI1N7nRl3kgbIpxC3:8WCLQIClF5mHKQSdiqosaG/8NpDAds
Static task
static1
Behavioral task
behavioral1
Sample
ewe.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
ewe.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
formbook
dcn0
ZVx68vDtAMBCwg==
oBMBvsNORkM/O/ox
Ff9pISWkm6eG4lByIspp
c2T42c6CIIF6B8xTxm9XzpVw
bvjhxRbnAC183w==
0lTttSNG4HUDNflyIspp
hPXFlstqiHA/O/ox
WLR+MeerxZ0cNn1ja+IQAYo=
IHRn4xXOVKi477zarG+ObSy7YJA=
Xhf3e+tdAC183w==
Xk0ZAezv2rWH
kngo+vBeSRN7AszNwam3Osmguuqc0MoC
a2Qp7a+E8fSw7LDjpnqEKjsRZA==
3zjy4E7+QM48wg==
YcCmqT3OUNAigVott2pBKiy7YJA=
4+SMeX1juat/5cZ1AZihcyy7YJA=
/+m7sro0OBTl3TMpCw==
i2ctEfe4//a64yklMsgS2J90
+loZ2QKGX0UWgpvErMs=
b9BNCnJWQJS8IfsR0uR3bCy7YJA=
9eiUYE0ynHE/O/ox
F2/75pOIYNg0hzOD99192J8=
Y1xOONdO105okfha33EZ2A==
qYZIIB+dfF0wp1nVWFz067hJ2/qoXEVeAA==
moQMzat7tfKyKPYs
aMZJI/NfUSSpPQUBJ8/11g==
QKMN15GjpHcpyA==
6+S1hTvphhFfoCdj6tw=
DPynhWcnZWho7a0p33EZ2A==
EXY//zDm7ej3Guwo
PSWxPYkk0SNioSdj6tw=
jv+tmhv1ySZloydj6tw=
P8GUV5BhNZflCCBBFg==
IQZ0PWog1lcVVkJYHg==
aOTCq/Cet6AdhSdj6tw=
OBzJrqYS+eac46nZo4aI84kWMEtH
kBzTkbI2LTo/O/ox
a8pwOrU/tyx93a/QrGBpXGQIfZI=
GWoC9K5Mx0GR34urFcDPyQ==
dGxKGM2FI4iAkTOD99192J8=
UqQv8Vkx7WzkCCBBFg==
NcBsPK+YmdZP0cyhY+Lrzw==
zcKbk5oK7NCgFOpa4tHv0g==
uIomFkUTzdWa
QkAF8NuWMZmnPjCFgJBa+Y1t
51w6Gw7c3NyY
IyDnsW89dXaMrAxotF8jGZc=
1s1RHCrCwI8PnVhMY+Lrzw==
zBnRazUUWCsrM5t0SEth
1z4R/XM98Wn3j1RMY+Lrzw==
h3b34yQL3cI8wg==
/+27PhUTzdWa
CO0jnOIoAC183w==
Cn8jz+pyZEfWCCBBFg==
jI4f4NnKFwoSUb4YbnkzePzLv+Sc0MoC
xZnrS1Y+5Sxv1g==
phjYsTTGW8zAMydj6tw=
v7JcJyW3x64phzOD99192J8=
tBJ+Uh3sJxYqbyvrfF6BKjsRZA==
xRTxyfuTgMhGxg==
6ceNTfir2qmQHtxWwqIrI8GQ7h/Te/A2CA==
00gVx7d5/U5soCdj6tw=
Jgvgt58H8MFLfBzTp1VZXCe2ZYg=
1NKRY1QTzdWa
ahmedo.ch
Targets
-
-
Target
ewe.exe
-
Size
947KB
-
MD5
b39bb6d5236d059f15e0c303119ac2ac
-
SHA1
169bbde66c91ec403e5378e3af49b7e038739a59
-
SHA256
bab8c0c9b3c3cebaa6f32565eadd1733308973fade84142c07bb1d5608fc6a0c
-
SHA512
c64992edf997a67981a1a8fa59176c1b8430668f31f86af546196e2944e477e8ff89ea298ccbc9b0cd4e7e5b5fd40f4f616b838c6e75e493854c5af6a545183c
-
SSDEEP
6144:CE0WCLnQX46PiAdNF5miUfnKk7gDaKIUzjmVqJE9/UxaGHXvI1N7nRl3kgbIpxC3:8WCLQIClF5mHKQSdiqosaG/8NpDAds
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-