General
Target: tmp
Size: 782KB
Sample: 221203-whqg5acc67
MD5: c7b62f9ed3ec7b9208acc7fafda076db
SHA1: 4e8e86971dcc2e418b109bacfd6170c947e4eb58
SHA256: 5f8e9ae71eba679754663351ebaf0668bee3ef9ac7c95ad0261fe97bc3424753
SHA512: d6110de8c343785f0804b9a3223735d60de387b159283fdc55a3e515e335a7502776784ee229829d21d153919ac6b2fb8abf48e67d02123a5cf6a01aeda4fd68
SSDEEP: 24576:vfpSX/iG4AdBfw+Px1y2l8N3ykaNh1sT/M:3EXKOdBBPx1y2lgDCo/M

Static task: static1
Behavioral task: behavioral1
Sample: tmp.exe
Resource: win7-20221111-en
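Before relying on this report for a file you hold, confirm it is the same sample. The following is an added example, not part of the report or of the sandbox's tooling: it computes the four digests listed above for a local file and compares them against the report, requiring every listed algorithm to match rather than stopping at MD5. The helper names (hash_bytes, hash_file, compare_to_report, is_report_sample) are chosen here; the digest values are copied from the report.

```python
import hashlib
import sys

# Digests copied from the report above for sample "tmp" (221203-whqg5acc67).
REPORT_HASHES = {
    "md5": "c7b62f9ed3ec7b9208acc7fafda076db",
    "sha1": "4e8e86971dcc2e418b109bacfd6170c947e4eb58",
    "sha256": "5f8e9ae71eba679754663351ebaf0668bee3ef9ac7c95ad0261fe97bc3424753",
    "sha512": "d6110de8c343785f0804b9a3223735d60de387b159283fdc55a3e515e335a750"
              "2776784ee229829d21d153919ac6b2fb8abf48e67d02123a5cf6a01aeda4fd68",
}
ALGORITHMS = tuple(REPORT_HASHES)


def hash_bytes(data: bytes) -> dict:
    """All four digests of an in-memory buffer, as lowercase hex."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Same digests for a file on disk, read in chunks so a large sample does
    not have to fit in memory; every hasher sees each chunk exactly once."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare_to_report(digests: dict, report: dict = REPORT_HASHES) -> dict:
    """Per-algorithm verdict for the algorithms present in both dicts.
    Comparison is case-insensitive because reports and tools disagree on case."""
    return {
        name: digests[name].lower() == expected.lower()
        for name, expected in report.items()
        if name in digests
    }


def is_report_sample(digests: dict, report: dict = REPORT_HASHES) -> bool:
    """True only when every digest the report lists matches. Requiring all of
    them means a single weak match (MD5 alone) is never enough, and a file that
    was truncated or re-packed in transit is rejected on every algorithm."""
    verdicts = compare_to_report(digests, report)
    return bool(verdicts) and all(verdicts.values())


if __name__ == "__main__":
    # Usage: python verify_sample.py <path-to-file>
    for name, ok in compare_to_report(hash_file(sys.argv[1])).items():
        print(f"{name:7s} {'match' if ok else 'MISMATCH'}")
```

A partial match (say, MD5 agrees but SHA256 does not) is a signal that the file is not the one analysed here, not that three of the four report values are wrong; is_report_sample therefore returns False unless every algorithm agrees.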
Malware Config
Extracted: formbook
dqup
RBFKWV5uGrUdf6hN
jGcsTVbthgGRPm1nWzyE
omvIH2jxGd0Sn12CYeAAIvEODy/o
LLuzSX53kGpef9bObGSZ
P7qPqZmVr42VH9LObGSZ
EeWGEWEDxEDd5U1TxRw=
c5/8gdte657s7yo=
kQyJz9WGgKAWCTU=
94EXa2L/gCuXTwVF
QwngPG0f95paVrPd/TEdsg==
AZ0qhZ0icV3HJCS8tw==
tYe83vwj5a8uN3OSZEC+iZW/
aCkNaXAMOwxp+/X+MA9RYTs=
RDOfhwk2ysWuvw==
L79DjZhLdk7AqW/ObGSZ
eAP0idjnAen1II6+8TATqw==
d+/2mB+UWxTV2F4IsdJS5DE=
ZR9aco6xbRNvaehuqA==
zJVFYGnffyUV75T6phA=
yV3K3+jViRAtzJDNQThu0lZp+2FeyA==
m6pvyfd3NPXY+WlimhUCqQ==
bQfpBxsYEOG/yEoGvc8RvA==
21FiBUr/pTrYiI7iWTaA
R7swzhebvZEKEZVvsBY=
BrlKcuTqormjtQ==
fzFoh5XFgw0tzZy/8TATqw==
MhI0ySI4TQfyHI6/8TATqw==
y5fK9PMMMQPwE5HPqx4nGGmJ9w==
HeWd8DEKfA++ug==
dfZ2FGjWO90U
NTVDmgkwyMuy7zI=
NrYZJTjhppgiLaXnvg==
/MWD1SkuTyIMJLBcrjlz9TM=
YzteAV1dYR4ASG6poA==
dzXrM4J/jEMMSG6poA==
Y+/jNm+Zr14QMmx7ZUy+iZW/
d/p9H2udSeko3KTA8TATqw==
NAGQPsGMq57s7yo=
55/n/QwjzVRBU9yVEphRGGmJ9w==
0IVehYU4ZkXFbZVvsBY=
FUVZdnJvGLUdf6hN
vzw+1Rw3+4GhPV6f6lb5nSBlyXs=
oyhFbV1mezPzEExhiPGvTY/xJp5GuWU=
oiuzXJWjMbUdf6hN
TyDXH4SZcGMHCzc=
i2YbYbBhEa1p2uwRXdBVbjs=
Vh1I3yxJDoOISLvjvQ==
9n8Ip+4m7Zi0M+HtLx8pGGmJ9w==
WlvH76CQxw==
dRQVaHCFqoh2mxFQXsplAUlntdutuHa+Fw==
ZjeR50/2uDnfB4FHGQdtdDs=
ENaAGFfYBuFH08t37eD5+DhSz2w=
5KsGJyVdNMz4dXogcUyDnqQODy/o
3bRriKRNysWuvw==
L/KTKG6iYy6RMSQ7sdJS5DE=
BakOJ0Lhii0BSG6poA==
GJt76hWpVCqENidVMR4=
Rw+mOYgkTyaiU2TObGSZ
oym4AwmBIc6krSW7/Hhd80NA1ztBdFewDg==
4qdyoJ3glkGWPDZfnzlz9TM=
rX58L6vWO90U
8KyP5vl1E7aum9/tMZwnjFCn
pSEsw1EfRRz+SG6poA==
if2Vu79NysWuvw==
xavi.wtf
Targets
Target: tmp (782KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)

Signatures:
- Blocklisted process makes network request
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence. A sample that gates on locale may stay dormant on hosts outside its target regions, so the behaviour recorded in this run is not necessarily what a victim in a targeted region would see.
- Loads dropped DLL
- Suspicious use of SetThreadContext: writing the context of a thread in another process is the usual way of redirecting a suspended process to injected code (process hollowing or thread hijacking), i.e. running the payload inside a second process rather than in the dropped executable's own image.
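The signatures above are behavioral: each is raised from API calls the sandbox traced while the sample ran. As an added example (not the sandbox's own signature engine), the following re-derives the five signature names from a constructed API trace, tracking which files the sample wrote so that "dropped" can be decided, and which process owns a thread so that SetThreadContext is only flagged across a process boundary. Everything below is an assumption of this example: the event format, the illustrative process-image blocklist, the constructed file paths, and the assumption that "Checks computer location settings" keys on the Control Panel\International\Geo\Nation registry value behind GetUserGeoID().

```python
from dataclasses import dataclass, field

# Assumptions of this example (not stated by the report):
# - "Checks computer location settings" is keyed on the registry value behind
#   GetUserGeoID(), HKCU\Control Panel\International\Geo\Nation.
# - the process-image blocklist below is illustrative; the real one is unknown.
GEO_KEY_FRAGMENT = r"control panel\international\geo\nation"
NETWORK_BLOCKLIST = {"explorer.exe", "rundll32.exe", "regsvr32.exe", "mshta.exe"}
NETWORK_APIS = {"connect", "InternetOpenUrlA", "InternetOpenUrlW", "WinHttpSendRequest"}
WRITE_APIS = {"NtWriteFile", "WriteFile"}
LOAD_APIS = {"LdrLoadDll", "LoadLibraryA", "LoadLibraryW"}
REG_APIS = {"RegOpenKeyExW", "RegQueryValueExW", "NtQueryValueKey"}


@dataclass
class Event:
    """One traced API call: calling pid, its image name, API name, arguments."""
    pid: int
    image: str
    api: str
    args: dict = field(default_factory=dict)


def detect(events) -> set:
    """Return the set of signature names a trace triggers."""
    sigs = set()
    dropped = set()        # lowercase paths written by a traced process
    thread_owner = {}      # tid -> pid that owns the thread (from process creation)
    for ev in events:
        a = ev.args
        if ev.api in WRITE_APIS and a.get("path"):
            dropped.add(a["path"].lower())
        elif ev.api == "CreateProcessInternalW":
            if a.get("tid") is not None:
                thread_owner[a["tid"]] = a.get("new_pid")
            if a.get("path", "").lower() in dropped:
                sigs.add("Executes dropped EXE")
        elif ev.api in LOAD_APIS:
            if a.get("path", "").lower() in dropped:
                sigs.add("Loads dropped DLL")
        elif ev.api in REG_APIS:
            if GEO_KEY_FRAGMENT in a.get("key", "").lower():
                sigs.add("Checks computer location settings")
        elif ev.api == "SetThreadContext":
            # Only a context write into another process's thread is suspicious;
            # a thread whose owner was never traced is left unflagged.
            owner = thread_owner.get(a.get("tid"))
            if owner is not None and owner != ev.pid:
                sigs.add("Suspicious use of SetThreadContext")
        elif ev.api in NETWORK_APIS:
            if ev.image.lower() in NETWORK_BLOCKLIST:
                sigs.add("Blocklisted process makes network request")
    return sigs


# Constructed trace (not from the report): a loader writes a second-stage EXE
# and a DLL, starts the EXE suspended, rewrites its main thread's context,
# and the second stage loads the DLL; a blocklisted process then connects out.
TMP = r"C:\Users\Admin\AppData\Local\Temp"
TRACE = [
    Event(1000, "tmp.exe", "RegQueryValueExW",
          {"key": r"HKEY_CURRENT_USER\Control Panel\International\Geo\Nation"}),
    Event(1000, "tmp.exe", "NtWriteFile", {"path": TMP + r"\stage2.exe"}),
    Event(1000, "tmp.exe", "NtWriteFile", {"path": TMP + r"\helper.dll"}),
    Event(1000, "tmp.exe", "CreateProcessInternalW",
          {"path": TMP + r"\stage2.exe", "flags": "CREATE_SUSPENDED",
           "new_pid": 2000, "tid": 2001}),
    Event(1000, "tmp.exe", "SetThreadContext", {"tid": 2001}),
    Event(2000, "stage2.exe", "LdrLoadDll", {"path": TMP + r"\helper.dll"}),
    Event(2000, "stage2.exe", "InternetOpenUrlW", {"url": "http://www.example.invalid/"}),
    Event(3000, "explorer.exe", "connect", {"host": "203.0.113.10", "port": 80}),
]

EXPECTED = {
    "Blocklisted process makes network request",
    "Executes dropped EXE",
    "Checks computer location settings",
    "Loads dropped DLL",
    "Suspicious use of SetThreadContext",
}

if __name__ == "__main__":
    for sig in sorted(detect(TRACE)):
        print(sig)
```

The two stateful checks are the ones that matter in practice: "dropped" is only meaningful relative to files the traced processes wrote, and SetThreadContext on a thread the caller itself owns (a debugger, a fibre scheduler) is routine, so the rule fires only when the thread's owner is a different pid.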