General
-
Target
DHL INVOICE#-002834.exe
-
Size
306KB
-
Sample
221202-vxlxtagf89
-
MD5
9564349d362fe854594e13217800ea9f
-
SHA1
5067b33410d6a859f96e07d7fa006446b5e3abdb
-
SHA256
4aba8fe16a25f04df115b34a57b6fff9782664c208348cf57d921d12f158c8b1
-
SHA512
d919fbc75fd973ddd8e425b728d3ab7c251b5671493517d4eb8e825f6b26a4b5f36d70468b171a336bafcc6c8eaf9deea3c31af7ba26b9ba1aee9649b0b5a1ca
-
SSDEEP
6144:NBn0JAr0W067hhLsgQfQIRHWGdEzFgu+sdIEOZz9Kgzl:EerA67sF9Hj2RzEkql
Static task
static1
Behavioral task
behavioral1
Sample
DHL INVOICE#-002834.exe
Resource
win7-20220901-en
Malware Config
Extracted
formbook
codp
WLwbp9IgDF0DRbuq
oNQ7DHBzVHVMTxxxFCORk65Z5w==
eKyDm2P0S8i8tXrGSRxyN/GB+g==
DWLDupksnDvfKi7Q7PI=
JAaYbOFx1G0f4pcM36gDB3YaG796
KWQ71Z4U7+2Nv8K72OXED5M9oe8=
YJpvEHW5TU/wL02R9TiN0A==
tpQX78fPprFMi7ocSgXfUNYKpTq33Icp
a9Z0eju3FKFA/YBy+MQfG3QaG796
uQzt58fSssDUenxacQCY2g==
vijGzYPYOfi2gxZLhlbA
kZfzlQg7IGPxc29BJA==
dcQu+blQlxGyZu7qw5P4L6s=
TTIXAcXMr85yqqvxWBMqdrw=
xZb/tyGC8sOjIS7Q7PI=
KnzenvO+cXkVS3biKfRDwJ9Q5Q==
ZqZvDt9+yYxqh1Si
vZD8CtVZigY/cqnmLA==
QJy2dd/p0MO1Ji7Q7PI=
l+Hmoea3jsiAcqnmLA==
j19MVSQr/CceRbwAwBMqdrw=
vS+9sWn2gDVJYeHZaHTPCN9ywAEKVg==
blpyOo9dQZt5ZxddwQVmww==
IOs9KPQyS0gISA==
nn/ZeuJwB9m55jogOw==
M49wUTbsPAwOcqnmLA==
WqL2DMvly8XMWUkzLPvkgjf1aM5QNRk=
fd7UqRCiNTCiTs+3
vY9pE5GVeJJKMpNw0Imsk65Z5w==
PoplGWGv//+qJC7Q7PI=
d8msQUS/1UNH
g3JQ+nF3X3cfRU7V4us=
CEaYiEEOXyvzU07V4us=
lWFpIAPKKBaU90M=
TzIO/uHUaDELiHVWcQCY2g==
C23Tr3r7VMWspGfecQCY2g==
nqSKdTr0YhS+hBlLhlbA
tqY5MRsZX3MVS0YS8eY=
9MouOBNcWth14KOG9e1CFHYaG796
pKi80FPSajXvnxxLhlbA
RBb0/dHxCF8DRbuq
H2JA8ah0Bg4ScqnmLA==
Ui6WUnCpdrSBlN+xk1450g==
dXUNxi54AIl/E/W/tLmhAJM9oe8=
g8SPLINNHWVYb9gTSBMqdrw=
ld0F/BjbTxaU90M=
jmTquCeAzJmZHGHL7sydCpM9oe8=
K25MOh0tGDTYolGNUQ1yxw==
B1Ozd8XF67PJZGdHJA==
Py0TshQX8wvo4n5WcQCY2g==
G378nwBW6hJ73dDIcfo=
lebDk/+/1UNH
sO5QF9cf+lLssy7Q7PI=
mu50P/Y9kRfOLS7Q7PI=
Akgd/+60CxK1KVo=
wxp6MYyFq4coVQ==
XinIiM8UXijMrUh19sfnOvav
N7THlsfP5amkUA==
DoafUba91Bo1xbahrLegAJM9oe8=
owwVtzbvRgDKNXLAzqwrDNGFpTe33Icp
kQMRCcXUvNWa4OrZxJFt9JM9oe8=
ViF1HZskhw7WOrenND/Q2ZVRhy+33Icp
3rGLk2t/q4coVQ==
L2/L3M8P5DMaGpN/6LvKmJM9oe8=
gameikanjoker123.com
Extracted
xloader
3.Æ…
codp
WLwbp9IgDF0DRbuq
oNQ7DHBzVHVMTxxxFCORk65Z5w==
eKyDm2P0S8i8tXrGSRxyN/GB+g==
DWLDupksnDvfKi7Q7PI=
JAaYbOFx1G0f4pcM36gDB3YaG796
KWQ71Z4U7+2Nv8K72OXED5M9oe8=
YJpvEHW5TU/wL02R9TiN0A==
tpQX78fPprFMi7ocSgXfUNYKpTq33Icp
a9Z0eju3FKFA/YBy+MQfG3QaG796
uQzt58fSssDUenxacQCY2g==
vijGzYPYOfi2gxZLhlbA
kZfzlQg7IGPxc29BJA==
dcQu+blQlxGyZu7qw5P4L6s=
TTIXAcXMr85yqqvxWBMqdrw=
xZb/tyGC8sOjIS7Q7PI=
KnzenvO+cXkVS3biKfRDwJ9Q5Q==
ZqZvDt9+yYxqh1Si
vZD8CtVZigY/cqnmLA==
QJy2dd/p0MO1Ji7Q7PI=
l+Hmoea3jsiAcqnmLA==
j19MVSQr/CceRbwAwBMqdrw=
vS+9sWn2gDVJYeHZaHTPCN9ywAEKVg==
blpyOo9dQZt5ZxddwQVmww==
IOs9KPQyS0gISA==
nn/ZeuJwB9m55jogOw==
M49wUTbsPAwOcqnmLA==
WqL2DMvly8XMWUkzLPvkgjf1aM5QNRk=
fd7UqRCiNTCiTs+3
vY9pE5GVeJJKMpNw0Imsk65Z5w==
PoplGWGv//+qJC7Q7PI=
d8msQUS/1UNH
g3JQ+nF3X3cfRU7V4us=
CEaYiEEOXyvzU07V4us=
lWFpIAPKKBaU90M=
TzIO/uHUaDELiHVWcQCY2g==
C23Tr3r7VMWspGfecQCY2g==
nqSKdTr0YhS+hBlLhlbA
tqY5MRsZX3MVS0YS8eY=
9MouOBNcWth14KOG9e1CFHYaG796
pKi80FPSajXvnxxLhlbA
RBb0/dHxCF8DRbuq
H2JA8ah0Bg4ScqnmLA==
Ui6WUnCpdrSBlN+xk1450g==
dXUNxi54AIl/E/W/tLmhAJM9oe8=
g8SPLINNHWVYb9gTSBMqdrw=
ld0F/BjbTxaU90M=
jmTquCeAzJmZHGHL7sydCpM9oe8=
K25MOh0tGDTYolGNUQ1yxw==
B1Ozd8XF67PJZGdHJA==
Py0TshQX8wvo4n5WcQCY2g==
G378nwBW6hJ73dDIcfo=
lebDk/+/1UNH
sO5QF9cf+lLssy7Q7PI=
mu50P/Y9kRfOLS7Q7PI=
Akgd/+60CxK1KVo=
wxp6MYyFq4coVQ==
XinIiM8UXijMrUh19sfnOvav
N7THlsfP5amkUA==
DoafUba91Bo1xbahrLegAJM9oe8=
owwVtzbvRgDKNXLAzqwrDNGFpTe33Icp
kQMRCcXUvNWa4OrZxJFt9JM9oe8=
ViF1HZskhw7WOrenND/Q2ZVRhy+33Icp
3rGLk2t/q4coVQ==
L2/L3M8P5DMaGpN/6LvKmJM9oe8=
gameikanjoker123.com
Targets
-
-
Target
DHL INVOICE#-002834.exe
-
Size
306KB
-
MD5
9564349d362fe854594e13217800ea9f
-
SHA1
5067b33410d6a859f96e07d7fa006446b5e3abdb
-
SHA256
4aba8fe16a25f04df115b34a57b6fff9782664c208348cf57d921d12f158c8b1
-
SHA512
d919fbc75fd973ddd8e425b728d3ab7c251b5671493517d4eb8e825f6b26a4b5f36d70468b171a336bafcc6c8eaf9deea3c31af7ba26b9ba1aee9649b0b5a1ca
-
SSDEEP
6144:NBn0JAr0W067hhLsgQfQIRHWGdEzFgu+sdIEOZz9Kgzl:EerA67sF9Hj2RzEkql
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-