General
- Target: Order Specications.exe
- Size: 238KB
- Sample: 221201-k575xagh5t
- MD5: c72a49e97664c9b70f96c90495bd9224
- SHA1: 16ffe09a3e7376946751825dabd50534f7d2a3f2
- SHA256: d4764983c36112e601465b868a7300521a22603ad82be39dc5f3a796dbafc1d3
- SHA512: abbf1e9b8643889dd5115817dad630d3b7162c45d92a8fb43fa7221ce0107cf5e67908d64aaf78c2e4c84ec05077a10bf9f887e44a7a270caa5b99ba8d86c3a1
- SSDEEP: 6144:QBn1QmZY0qzXqPLoZiQpUNmkoRH9yrDwbP8EDHjd:gBZY0CDpUNm5dyvnk
Static task: static1
Behavioral task: behavioral1
- Sample: Order Specications.exe
- Resource: win7-20220901-en
Malware Config
Extracted
formbook
Targets
- Target: Order Specications.exe
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext