General
Target: PROFORMA INVOICE 103321.rar
Size: 804KB
Sample: 221201-kecajsag34
MD5: 4eb79c4fa6acd6d50d82b2f3cc6ae1c5
SHA1: e14a3d0ee909418f534e9c457d0c8e8a4f1416ca
SHA256: 2e104eab7b0a3da0b429304eb0e738fd75f7c99dfb368a3a0c70ffd1d4206c01
SHA512: 2306e493d03f52ef217bd0b550788e55dc4be7b023da47a4f8b99203b0d90c569d3186aa8ed6a48cfb8806fff108e3656c8cc3ec85c76d3acc7747bfd7e3c0ca
SSDEEP: 12288:HmDIqmgXdq5tPOpsAfOpy7lG4Roh81TZP9STlukqBYn+so6sFyD1xrlukYjp:HgINgXdqjOGAfOZis83P9tiXtD1xR2jp
Static task: static1
Behavioral task: behavioral1
Sample: PROFORMA INVOICE 103321.rar
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: PROFORMA INVOICE 103321.rar
Resource: win10v2004-20220812-en
Behavioral task: behavioral3
Sample: PROFORMA INVOICE 103321.exe
Resource: win7-20220901-en
Malware Config
Extracted
formbook
d8ax
linktau-roads.com
Targets
Target: PROFORMA INVOICE 103321.rar
Size: 804KB
MD5: 4eb79c4fa6acd6d50d82b2f3cc6ae1c5
SHA1: e14a3d0ee909418f534e9c457d0c8e8a4f1416ca
SHA256: 2e104eab7b0a3da0b429304eb0e738fd75f7c99dfb368a3a0c70ffd1d4206c01
SHA512: 2306e493d03f52ef217bd0b550788e55dc4be7b023da47a4f8b99203b0d90c569d3186aa8ed6a48cfb8806fff108e3656c8cc3ec85c76d3acc7747bfd7e3c0ca
SSDEEP: 12288:HmDIqmgXdq5tPOpsAfOpy7lG4Roh81TZP9STlukqBYn+so6sFyD1xrlukYjp:HgINgXdqjOGAfOZis83P9tiXtD1xR2jp
Score: 3/10

Target: PROFORMA INVOICE 103321.exe
Size: 916KB
MD5: 6b34c7d21457240410f7526870fb3cc8
SHA1: ad4f885afeefe8d5c06f8ed14736705fb0b527f1
SHA256: 4e299e221bff547ce81f39f447b914d120e8411bd4d38a5cf7014e5241e757ad
SHA512: 1a8a7160adf1acea7cd76a7b739129f95afe931d9e5544d874e20d7f9c330c297618cb1f7cb69ced06fa22aaf95ef68dbf1df1e6898143061c8c360b3b48b61e
SSDEEP: 12288:2ZMBqPwNK7sb7/sn1gSp4JZjAH1wBjGrCwDBo6RU2snF90NcZnbhR9jqI:he7w7En1gSp4TjQw5+CCrKFSNYbX9jn

Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Loads dropped DLL
Suspicious use of SetThreadContext