General
-
Target
document_M0234.exe
-
Size
249KB
-
Sample
221201-sqhwgaeh71
-
MD5
0b6c508dec4b6647dca3d1bd61b002d4
-
SHA1
5f85f53b7f2e54d74fa7733ecc51d5e8819e4bf6
-
SHA256
1a67a5a9f3b74eb679eb5d2684961322941e9243aafd225c2fc08024f63fb59e
-
SHA512
036286c289f8b0963acc44d5f35d3527a6ad899b24c72688c64be88274b3cdf837cca618f7827d763e92984c8bf7e8d025abda62dbf4806d192555fd2cd969e7
-
SSDEEP
6144:gBn1Qvgd4/Vb+WwPpYM1ZKaUqjkb3Gi3S37:wQvF/B/eCMWa1S3p3S37
Static task
static1
Behavioral task
behavioral1
Sample
document_M0234.exe
Resource
win7-20220901-en
Malware Config
Extracted
formbook
9qtp
0BbXnywB2jUlm9nKiMma
R5A2IaujqtD/dAqI8Y0IpQ==
hOvaxGAt51Bx33P7Vyt6XPnYWw==
IDg+M/RH+D5aQ18d8Y0IpQ==
W1xH1/2HTrysGWEUdK2equ4Y
qHgkqNn4xTo4
8S7brii3eMzty+KgvBqIXPnYWw==
j8x44wKIXrW2tRiH8Y0IpQ==
GywuINvBRm2eaNY=
dTja44gPmQhkiaLZ
s6aIdgBm7Dx5fsUB2rE=
m5h7cA6JHX1p5ylfoc4ouA==
uDxNFJgassFFTdQ=
RERUNcLCgdAOabklo1PDTjf5Uw==
pKeadO1BswJQKXZ0tAkBF9wkNVs=
xd7Yr00rxzGBNlS1XA==
01Jd2fhoQpThdH5Sc8sprQ==
oOSWBCeNDDWeB8M=
EV8ae4iFCmdrT78Zr6VnObkG
Ghkc7nZnXXPEOX1FUToisZc=
b+TNSW7b5QZMVNY=
9YuHzc4u/maAe8UB2rE=
7wf+AJthHXmV9nchmnw/IZawRg==
fhEQhqTxpfMF4vJ0v6k=
cMR3bRQDDTiO5zbR
NritHTEovCqJ3B2F8Y0IpQ==
klEQFNYnGkJ0jQ+4KgiS
xohapLQMeb4YA0lSOZeD
IqWU5PhT8lGJW6OQbk4mL3Lf82Z4
ID89EYH9b4MfdH5Sc8sprQ==
H3kqGamujP83ud3KiMma
W7BYEsCqn6IDgQ==
9AgU73x+RJKrHLBC28gz6NwkNVs=
CCIUpNIztsFFTdQ=
VGRaOKoCmsFFTdQ=
vrGmWzoJ1zw2fwOjGVdnObkG
h85TMWsBiug=
wEI/qbob6ERjMWGpNrAv4Z4=
MjpSfr8QAdZkiaLZ
CETvX1ph3SB7NlS1XA==
vfrKyXlaIoupAYD+p/AqgpPD+21xH/M=
Kh0UA7KJEl1zzNrKiMma
tqaWljgGrAxZ54InAWsXaUr6VA==
ICsazaoutRRkiaLZ
ouGdZ+Za0ELS9DacVA==
eCgAABjTFPe7NlS1XA==
9nNDGwq8yhYl
9nd4DDaEKkrLmt0ampEA4nMfeG0Ncw==
3/Ds4pKMZ8rsZfJzxqVnObkG
z9TY1XLzmsFFTdQ=
GUA9GZVwSLjXO0du8Y0IpQ==
a5SMdQiNJX/Atz9GIkAzVrMDD2Ny
XJdOIKzXsAYxMYnt57s=
RFFU5nM6NR1SNck=
dN3GPm7kpcFFTdQ=
kntqyckK1hxTyGTKiMma
Yvr0PlCxLXzXscUB2rE=
9M6TfP5T5j92TZiCrwX2CXMDD2Ny
a7B2YQPcthAMk9bKiMma
RMC0xwAWsBB2NlS1XA==
WyDgT2/Bgs7VuUJPQ43zqdwkNVs=
bkwVbI4C4j+XQl8d8Y0IpQ==
KiHQ/aot/FR626cNiciY
gYxzT9xg/l21ouUVgmjq8m8DD2Ny
lee-perez.com
Targets
-
-
Target
document_M0234.exe
-
Size
249KB
-
MD5
0b6c508dec4b6647dca3d1bd61b002d4
-
SHA1
5f85f53b7f2e54d74fa7733ecc51d5e8819e4bf6
-
SHA256
1a67a5a9f3b74eb679eb5d2684961322941e9243aafd225c2fc08024f63fb59e
-
SHA512
036286c289f8b0963acc44d5f35d3527a6ad899b24c72688c64be88274b3cdf837cca618f7827d763e92984c8bf7e8d025abda62dbf4806d192555fd2cd969e7
-
SSDEEP
6144:gBn1Qvgd4/Vb+WwPpYM1ZKaUqjkb3Gi3S37:wQvF/B/eCMWa1S3p3S37
-
Adds policy Run key to start application
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-