General
-
Target
PO_SFOWRN5.exe
-
Size
552KB
-
Sample
221204-bn5h1shf6v
-
MD5
af3f0a8b0c0568f110f3b1fdcd70ad42
-
SHA1
9a5e79a01df75bcb04705ababdd062c2074486e2
-
SHA256
e7529a2d209e8f8405bfc92ae8f79486335989c0dcb472b678335db442fc6c04
-
SHA512
c47b704650f791386355068524daf9a1208deb1ece9838175cbe9f41c18c34cf61df96c836ca1781db2e0c986749af7268229e8b29abdcea1c636a04a81f342c
-
SSDEEP
12288:0oq78ingp/U7aZl/vJJfBbJMlpsG9+9jq:dq7roauJ3JMl9M9j
Static task
static1
Behavioral task
behavioral1
Sample
PO_SFOWRN5.exe
Resource
win7-20220812-en
Malware Config
Extracted
formbook
n2hm
XCeG4IxNKbAl
YzJWbnC+El84nA==
KAJcdmP8yEcO5LXPCFF42Wfb
I+J+xYO95GJQWVU=
GtgxPPv3FmQmhw==
Og9NYF4xEl+j7vGTR93xvg==
506Cg07bsT0G6yK+A96H0h35V+JLkwI=
wAYXFN+pSFIXgQ==
ijzLI/f+FmQmhw==
UfT2PweNm+w8
GQWVw5aZnfF/kS5e
30BKYjua9zcA7gAwsPUngLnjyrBNEgo=
AM65OrmyFmQmhw==
VSlTVxISZ4J/kS5e
GGKj6K33SRh6e0/YzT5nQGlK5CXRqw==
B9H98cUUfX+AWOqiTA==
MxVffWOIoVnM37zrd2sTaOY=
z6bxCgG/mGhR7oDzQA==
pQgSLSRi6AK3M/PdArpX
6rRRsYuSnXx/kS5e
tJRNn0ias3Yw
7c4NEQLSp/R/kS5e
TJmwu5Aa/IuRHtoXXQ==
TLoRUygkiJQE5GoRji0aff0=
Y83qB/DsQFYeZzahj6pYqw==
Bup2q3PHFmQmhw==
cDTa78WEWaYMdoDdArpX
28Rw4MRMnjT52raaTR5KhtMJYa8=
WydpZS7v/4XubCZuhkdxP2OAKdyK68u6
B+osKudaL8yAV/K/VAH3T+Q=
qVz9Y0QD3TGeM/PdArpX
+r49VzlFXLpFegdyc4q5ow==
gsXk990afa1hl6ATTA==
XkblOQWRaet/kS5e
4TNPSf2OcfNk9cfPCFF42Wfb
NaIIUEoRdKYr
ITSqBfn5FmQmhw==
KPRUmWnqxVE0hERFtyo=
VLzd1qk6E5wNcQ49KnmhAoT3Ok5roMK4kQ==
65jM2pKJ8EIST04=
I3+JoYVgYgDiv3O15Ntvw0On/sJroMK4kQ==
C+YhNzH20aCpy8MqVw==
yBZRl4HdPn+RHtoXXQ==
pGQATg0mMfntSBR9c4q5ow==
YUKFixIRdKYr
Hv+C4cZTOMAKV+/dArpX
MVW+PJpyCVA=
FX2AJYBFYbgk
/cX1CsjSpvU+
fWoThWagDVhBHt4yMjWQifM=
/vCd69xrS8QwuCt/yD8=
GvAsSzbCRxplG582TKzVug==
S6zlGfJ6DFc4TBNUvig=
k0z/QwnTpfR/kS5e
KPofKfkPcoRqxowFuWWNhvM=
Xrj+JvENc3yBln4OUw==
ScTatpYj/IKRHtoXXQ==
vLRdwbLyTpzFn+dAR93xvg==
mLTJe/eFp2kxl69W
Cbr5/dRQbio2P/e8ay0aff0=
xooviWn51V7DI7mMOwWT4lCIJUlf
l0t7fTmLqSCAuIYIVA==
06xFejwYMSkbfETTiNT21O0=
bWzTF+1nS4kxlydW
madamkikkiey.net
Targets
-
-
Target
PO_SFOWRN5.exe
-
Size
552KB
-
MD5
af3f0a8b0c0568f110f3b1fdcd70ad42
-
SHA1
9a5e79a01df75bcb04705ababdd062c2074486e2
-
SHA256
e7529a2d209e8f8405bfc92ae8f79486335989c0dcb472b678335db442fc6c04
-
SHA512
c47b704650f791386355068524daf9a1208deb1ece9838175cbe9f41c18c34cf61df96c836ca1781db2e0c986749af7268229e8b29abdcea1c636a04a81f342c
-
SSDEEP
12288:0oq78ingp/U7aZl/vJJfBbJMlpsG9+9jq:dq7roauJ3JMl9M9j
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-