General
-
Target
2b11d3a570fd45fda3e8c062f447e09dbabcfafee5e89f4258c0ac7c6e294fdc.exe
-
Size
239KB
-
Sample
221130-s3498sch67
-
MD5
0acb5bcb968b08f9fa0275337eaf9d81
-
SHA1
9ff40194659288c71ee7ff01435eac29d5d55004
-
SHA256
2b11d3a570fd45fda3e8c062f447e09dbabcfafee5e89f4258c0ac7c6e294fdc
-
SHA512
a6c9ee59f120f5400ea08726337ed52d982184d71809f12255f44643fb6170e996a0bd89b5465b6498854978e0acab09e7cb7d6b912bcd1396e848392b1e986a
-
SSDEEP
6144:QBn1gQ5lYu+gRaCuvlFMC5oTlyEwP5Od6mcELn3Wm:ggQ4DgRaxL5oJmP5O3jmm
Static task
static1
Behavioral task
behavioral1
Sample
2b11d3a570fd45fda3e8c062f447e09dbabcfafee5e89f4258c0ac7c6e294fdc.exe
Resource
win7-20221111-en
Malware Config
Extracted
formbook
n2hm
XCeG4IxNKbAl
YzJWbnC+El84nA==
KAJcdmP8yEcO5LXPCFF42Wfb
I+J+xYO95GJQWVU=
GtgxPPv3FmQmhw==
Og9NYF4xEl+j7vGTR93xvg==
506Cg07bsT0G6yK+A96H0h35V+JLkwI=
wAYXFN+pSFIXgQ==
ijzLI/f+FmQmhw==
UfT2PweNm+w8
GQWVw5aZnfF/kS5e
30BKYjua9zcA7gAwsPUngLnjyrBNEgo=
AM65OrmyFmQmhw==
VSlTVxISZ4J/kS5e
GGKj6K33SRh6e0/YzT5nQGlK5CXRqw==
B9H98cUUfX+AWOqiTA==
MxVffWOIoVnM37zrd2sTaOY=
z6bxCgG/mGhR7oDzQA==
pQgSLSRi6AK3M/PdArpX
6rRRsYuSnXx/kS5e
tJRNn0ias3Yw
7c4NEQLSp/R/kS5e
TJmwu5Aa/IuRHtoXXQ==
TLoRUygkiJQE5GoRji0aff0=
Y83qB/DsQFYeZzahj6pYqw==
Bup2q3PHFmQmhw==
cDTa78WEWaYMdoDdArpX
28Rw4MRMnjT52raaTR5KhtMJYa8=
WydpZS7v/4XubCZuhkdxP2OAKdyK68u6
B+osKudaL8yAV/K/VAH3T+Q=
qVz9Y0QD3TGeM/PdArpX
+r49VzlFXLpFegdyc4q5ow==
gsXk990afa1hl6ATTA==
XkblOQWRaet/kS5e
4TNPSf2OcfNk9cfPCFF42Wfb
NaIIUEoRdKYr
ITSqBfn5FmQmhw==
KPRUmWnqxVE0hERFtyo=
VLzd1qk6E5wNcQ49KnmhAoT3Ok5roMK4kQ==
65jM2pKJ8EIST04=
I3+JoYVgYgDiv3O15Ntvw0On/sJroMK4kQ==
C+YhNzH20aCpy8MqVw==
yBZRl4HdPn+RHtoXXQ==
pGQATg0mMfntSBR9c4q5ow==
YUKFixIRdKYr
Hv+C4cZTOMAKV+/dArpX
MVW+PJpyCVA=
FX2AJYBFYbgk
/cX1CsjSpvU+
fWoThWagDVhBHt4yMjWQifM=
/vCd69xrS8QwuCt/yD8=
GvAsSzbCRxplG582TKzVug==
S6zlGfJ6DFc4TBNUvig=
k0z/QwnTpfR/kS5e
KPofKfkPcoRqxowFuWWNhvM=
Xrj+JvENc3yBln4OUw==
ScTatpYj/IKRHtoXXQ==
vLRdwbLyTpzFn+dAR93xvg==
mLTJe/eFp2kxl69W
Cbr5/dRQbio2P/e8ay0aff0=
xooviWn51V7DI7mMOwWT4lCIJUlf
l0t7fTmLqSCAuIYIVA==
06xFejwYMSkbfETTiNT21O0=
bWzTF+1nS4kxlydW
madamkikkiey.net
Targets
-
-
Target
2b11d3a570fd45fda3e8c062f447e09dbabcfafee5e89f4258c0ac7c6e294fdc.exe
-
Size
239KB
-
MD5
0acb5bcb968b08f9fa0275337eaf9d81
-
SHA1
9ff40194659288c71ee7ff01435eac29d5d55004
-
SHA256
2b11d3a570fd45fda3e8c062f447e09dbabcfafee5e89f4258c0ac7c6e294fdc
-
SHA512
a6c9ee59f120f5400ea08726337ed52d982184d71809f12255f44643fb6170e996a0bd89b5465b6498854978e0acab09e7cb7d6b912bcd1396e848392b1e986a
-
SSDEEP
6144:QBn1gQ5lYu+gRaCuvlFMC5oTlyEwP5Od6mcELn3Wm:ggQ4DgRaxL5oJmP5O3jmm
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-