General
Target: kCGCNKYCnqgQSEJ.exe
Size: 552KB
Sample: 221201-fza6rscb3s
MD5: e823afd1e909b794b2f2602ecadd15cc
SHA1: 4c6d24c796faebc2b54f981e2f8127187b08aa4b
SHA256: 33709e54333a4b6cc832c1cfbc3eae6d7c256642931f2fb6e47d26bb2d191cfa
SHA512: 8a45b1d0910ad632a73f3d23d5c3dc63f745ffb3e318c91f4826a80666c983d5308abec58f708749124a84e101c97f6302ad3c2320016cbc18bfe8092a9e20b1
SSDEEP: 6144:KoLEvklriDeOCH0IG0ocHtIgzH7R4u8pHrjstXlTna84yMDFqrnHKzYPrAV3+go4:FGqGNoC4P8Lj87QyMUjHZi3+U49jq
Static task: static1
Behavioral task: behavioral1
Sample: kCGCNKYCnqgQSEJ.exe
Resource (analysis VM image): win7-20221111-en
Malware Config
Extracted family: formbook
Campaign ID: rjwn
Decoy domains (64 entries, listed encoded exactly as the extractor emitted them; Formbook keeps this list encrypted in the binary and decrypts it at runtime, then spreads its beaconing across the decoys so the real C2 is harder to pick out of network traffic):
03o7kR/VYOT8r06ry8Ku
nhzRGt5dmI+rX14=
fxLQJLh1IdH3jGuZ1KBvy/sK4Q==
GAU9GqrQnwWRKMfS7KTmrg==
xyidkidiZ/CAIrOchLc38Ckd
qpaUZjfKUOAKBI+C1Q==
tn919W/lRcHaoraZK53frA==
zEQOdA3OY/EHnYvF7KTmrg==
MJALDhT0sw68hUTcnNMUVI/EiWY=
FwpKMs0PRYvGVxbSy3mxZtw=
9IBBwo1zU45kK0M=
baAZGqfBu1HmiS0OWuM38Ckd
+fUxM/QxXJmvPfzwdUI=
WZYOXSolDIEOz9lzR0c4UAA71p19tw==
n6Hftzs+TYbFBI+C1Q==
UdyBA9GXFou2hZJ1/W9ihcM=
jrgyH63jDVl3Rg3KVAhYg8M=
74f/sGdLgw0RrxLszsOs
rivUOgDVVdIGBI+C1Q==
eZ0hfm//kK/IgQ==
cOyWB9nBcLJgIe6MJJvysw==
uuQW3nDB5zE515iu7KTmrg==
kFZItj/PTXLXvV/8
SdWV6XEb4CxVA9IKhEeUMtU=
ZA7+YCScoo5kK0M=
xxqaB+Xv22QHm3sV5tiojr32e5kr
we10urhAkK/IgQ==
xHIjiT/6dZAk5qwj/e66jNIRzmJfb+4=
tpqPy81EkK/IgQ==
H/oAAuNh2mF6Ee0gmT6EHyc21p19tw==
DhpG0lPF+kwtG+IoGEo=
rkbubjj5dfvXvV/8
MhD5hGFD1uWFOUCE+nhi4kjTm2c=
28ayIatEvUVU/vmry8Ku
44uffAYW0BW/e0qry8Ku
+oQ4mmlmUY5kK0M=
9z2xkR1bUs1K3oWu7KTmrg==
m2db2VOl9S+XaWJdMWOm
73QkNsjpCEltIvzwdUI=
sW9l0ms9+T7Wk2Pxyr0ESkjTm2c=
dQm1EeTrtAeTJQO1n6oFSkjTm2c=
MMqG+Lp7YV/khkury8Ku
caIijU4NhQUdwBwjf1U=
DenkusP7awDXvV/8
rd9aXuDl1m4GqU5/Cr4sLQEL6Q==
j+BfT9DNkYp7KVQ=
imNRxEzwW8rcoVSry8Ku
UwClcUVdKmf8
2Uz8cjgFrA2TJcXS7KTmrg==
6WYjegWsL8PUjJGv3FOjIUjTm2c=
t0L8aveKFCI216+je6z3sA==
iroxmGIq0Rm3d0ury8Ku
YHi4soTzVY65ziSry8Ku
neFeYuPHd7n+v7uxi80sLQEL6Q==
jfm1IeWzNK22a2qCfLwqLQEL6Q==
LF/Hwz0h2Su9cGUbBgT1BFFqRl8ug/iX
pZvZ78UYM3U+0H4B0xRqVR0S5H/8vw==
rcQA7r4oVYmULtrS7KTmrg==
RX73/YB1XulzJPzwdUI=
EZ5jwEvwdgkluZiw1KBvy/sK4Q==
+5ytLx8LkZDGBI+C1Q==
N+/jWNuSgsXZhw==
6dXR+ICNgA2vR/xdkd0lMsgV
Qsh6jhYVA5YvtYwqAQk38Ckd
C2 domain (the one plain-text indicator in the extracted config): volpiventure.com
Targets
Target: kCGCNKYCnqgQSEJ.exe
Size: 552KB
MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the values in the General section above (same file analyzed in behavioral1).
Behavioral signatures (behavioral1)
Checks computer location settings: looks up the country code configured in the registry, likely a geofence check (the sample reads its locale before deciding whether to proceed).
Loads dropped DLL: a DLL that the sample itself wrote to disk during the run was subsequently loaded into a process.
Suspicious use of SetThreadContext: SetThreadContext rewrites a thread's register state, including the instruction pointer. Outside a debugger this is the characteristic step of process hollowing and thread hijacking, where execution of a (usually suspended) target thread is redirected into injected code.
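To make the three behavioral signatures above concrete, here is an added example (not part of this report and not the sandbox's own signature engine) that re-implements them as simple heuristics over an API-call trace. The trace format, process IDs, paths and API names are constructed for illustration; real sandboxes use their own schemas, and the registry value names and API families matched here are the typical ones rather than an exhaustive list.

```python
import json

# Constructed API-call trace in a hypothetical JSON-lines format (not a real
# sandbox schema). One benign LoadLibrary and one self-targeted
# SetThreadContext are included so the rules have something NOT to flag.
TRACE = r"""
{"pid": 1304, "api": "RegOpenKeyExW", "args": {"key": "HKCU\\Control Panel\\International"}}
{"pid": 1304, "api": "RegQueryValueExW", "args": {"key": "HKCU\\Control Panel\\International", "value": "sCountry"}}
{"pid": 1304, "api": "NtCreateFile", "args": {"path": "C:\\Users\\user\\AppData\\Local\\Temp\\nsx1A2.tmp\\System.dll", "access": "GENERIC_WRITE"}}
{"pid": 1304, "api": "LdrLoadDll", "args": {"path": "C:\\Users\\user\\AppData\\Local\\Temp\\nsx1A2.tmp\\System.dll"}}
{"pid": 1304, "api": "LdrLoadDll", "args": {"path": "C:\\Windows\\System32\\kernel32.dll"}}
{"pid": 1304, "api": "CreateProcessInternalW", "args": {"image": "C:\\Users\\user\\AppData\\Local\\Temp\\sample.exe", "flags": "CREATE_SUSPENDED", "child_pid": 1556}}
{"pid": 1304, "api": "WriteProcessMemory", "args": {"target_pid": 1556, "size": 376832}}
{"pid": 1304, "api": "SetThreadContext", "args": {"target_pid": 1304, "tid": 1308}}
{"pid": 1304, "api": "SetThreadContext", "args": {"target_pid": 1556, "tid": 1560}}
{"pid": 1304, "api": "ResumeThread", "args": {"target_pid": 1556, "tid": 1560}}
"""

# Registry keys whose values encode the machine's locale/country; reads of these
# right before a go/no-go decision are the usual geofence pattern (assumed list).
LOCALE_KEYS = ("control panel\\international", "geo\\nation")
WRITE_APIS = ("NtCreateFile", "CreateFileW", "CreateFileA", "WriteFile")
LOAD_APIS = ("LdrLoadDll", "LoadLibraryW", "LoadLibraryA", "LoadLibraryExW", "LoadLibraryExA")
CONTEXT_APIS = ("SetThreadContext", "Wow64SetThreadContext", "NtSetContextThread")


def parse_trace(text):
    """Parse JSON-lines into a list of event dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def check_geofence(events):
    """Flag registry value reads under locale/country keys."""
    hits = []
    for e in events:
        key = e.get("args", {}).get("key", "")
        if e["api"].startswith("RegQueryValueEx") and any(k in key.lower() for k in LOCALE_KEYS):
            hits.append(f"pid {e['pid']} reads {key}\\{e['args'].get('value', '')}")
    return hits


def check_dropped_dll(events):
    """Flag a DLL load whose path was earlier opened for writing in this run."""
    written = {}  # lowercase path -> pid that wrote it
    hits = []
    for e in events:
        args = e.get("args", {})
        path = args.get("path", "")
        if e["api"] in WRITE_APIS and "write" in args.get("access", "").lower() and path.lower().endswith(".dll"):
            written[path.lower()] = e["pid"]
        elif e["api"] in LOAD_APIS and path.lower() in written:
            hits.append(f"pid {e['pid']} loads {path} (dropped by pid {written[path.lower()]})")
    return hits


def check_set_thread_context(events):
    """Flag SetThreadContext aimed at a thread in another process.

    A process setting the context of its own thread is what debuggers and some
    runtimes do; a cross-process call is the hollowing / thread-hijack pattern.
    """
    hits = []
    for e in events:
        if e["api"] in CONTEXT_APIS:
            target = e["args"].get("target_pid", e["pid"])
            if target != e["pid"]:
                hits.append(f"pid {e['pid']} sets context of tid {e['args'].get('tid')} in pid {target}")
    return hits


def run_signatures(text):
    """Return {signature name: [evidence strings]} for a trace."""
    events = parse_trace(text)
    return {
        "Checks computer location settings": check_geofence(events),
        "Loads dropped DLL": check_dropped_dll(events),
        "Suspicious use of SetThreadContext": check_set_thread_context(events),
    }


if __name__ == "__main__":
    for name, evidence in run_signatures(TRACE).items():
        print(f"[{'HIT' if evidence else '   '}] {name}")
        for line in evidence:
            print("       ", line)
```

The dropped-DLL rule keys on the write-then-load ordering rather than on the path alone, so a legitimate installer that unpacks a helper DLL to %TEMP% trips it just as readily as a loader does; that is also true of the sandbox signature, which is why it is a weak indicator on its own and only becomes interesting next to the cross-process SetThreadContext.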