General
-
Target
92BA0652393988836891f0c5d.eml
-
Size
1.1MB
-
Sample
221201-rtlk4agc92
-
MD5
9204fd7cbff79bd09263ef0145801ab6
-
SHA1
2bd8a61113009df867d43df048339ad9cc5ff4c9
-
SHA256
867e3f33015a4401d2fe05d3f12be7bb7ba365e8916850a1c055844a178843aa
-
SHA512
1ecc4c00fcf8939557fb1894d4e363dafd047551865c3c06df8caf79f2e307359df3cc915153f68d39ca704f8e0884911bc6e4379eaa736831e2274bad088e77
-
SSDEEP
24576:yyL8FsH60PVqWNRsjtR14oULrLDwZ5QiczjyFFMT3WW4NeXv:VmQUWNRe14trLkZZcPyF0WWJ/
Static task
static1
Behavioral task
behavioral1
Sample
nuevo pedido.docx.rar
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
nuevo pedido.docx.rar
Resource
win10v2004-20220812-en
Behavioral task
behavioral3
Sample
nuevo pedido.docx.exe
Resource
win7-20220812-en
Malware Config
Extracted
formbook
qwlo
ksrzym.com
Targets
-
-
Target
nuevo pedido.docx.z
-
Size
852KB
-
MD5
99eabaf54c28eaf8bc9a910bd27d15bf
-
SHA1
7dbad624f6ac9dd056cf7b4d7bdcb8c5c6309b4e
-
SHA256
4b8ac2523efa7356d9f5638ac54a2ebe757f2ff439cbbfe5ca5326328dcc1510
-
SHA512
8e296126b78d86fc74eaff309ab1e4fc3184d4f9839258c4e47bd7342d6796003ca52acbbc3d9c64c9c7de68be9b7451a8d0f8e6d65e1e3172d42cc3bc8d1792
-
SSDEEP
24576:+Mp23FDeNJCy9q7BGLKtnoOhhxBGkISM65eqLv:BWD9zrhLn
Score
3/10
-
-
Target
nuevo pedido.docx.exe
-
Size
1.0MB
-
MD5
4f3ef54cc2a4028e954eb275760a8203
-
SHA1
0705497325e8ed2e83792ac2c08b0ee7cbeecd72
-
SHA256
77dc20ac123646040725522265e3144772f5bfc77b8aa7896fa33e6c601ff498
-
SHA512
5c31cefcaf349799dbaa83da39c82b9688d0de055bda7f97ab47c8e0353b0f2c869a297391d0d1216c7b18b68eabc6938dfdb0f0fb593b01a76fb058f3672e1f
-
SSDEEP
24576:wlOqaEByj4HVHONLZkjwf5uwGPnTiwAAgEEY4:w4kHclZMwBZ2TQp
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-