General
Target: nuevo_pedido.docx.exe
Size: 1.0MB
Sample: 221201-qned6afc6y
MD5: 4f3ef54cc2a4028e954eb275760a8203
SHA1: 0705497325e8ed2e83792ac2c08b0ee7cbeecd72
SHA256: 77dc20ac123646040725522265e3144772f5bfc77b8aa7896fa33e6c601ff498
SHA512: 5c31cefcaf349799dbaa83da39c82b9688d0de055bda7f97ab47c8e0353b0f2c869a297391d0d1216c7b18b68eabc6938dfdb0f0fb593b01a76fb058f3672e1f
SSDEEP: 24576:wlOqaEByj4HVHONLZkjwf5uwGPnTiwAAgEEY4:w4kHclZMwBZ2TQp
Static task: static1
Behavioral task: behavioral1
Sample: nuevo_pedido.docx.exe
Resource: win7-20220812-en
Malware Config
Extracted
formbook
qwlo
ksrzym.com
Targets
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-