General
-
Target
3abebb8dc857936bb52c8279602d5c62.exe.vir
-
Size
603KB
-
Sample
221206-f9elyace6t
-
MD5
a6afef15d5eedcf2a0ff34083fc6c1ca
-
SHA1
5b06db1442948c2686ddc7a9c57aa05084ab259e
-
SHA256
b72a5dfe57144f6949b0b8f3b0792c306dc6fadafc71d8919f7dd0fd2d4bb8c4
-
SHA512
f846f6f0299bc9ac6955fe21eca2106436427f10746406a041856408ad0c90ed7694177b6044ba0117c0d09184c3d62adbea0a26156ba4f4d632a33e6adcb6e9
-
SSDEEP
12288:g4cYY+jIxUzR+tl70wrhRLjvlnL7xC4g2z3tUqPAO1ItKVLWbYUPXebv:g4/mxUEX70wbp7PTbtUwN1dVTbv
Static task
static1
Behavioral task
behavioral1
Sample
3abebb8dc857936bb52c8279602d5c62.exe
Resource
win7-20221111-en
Malware Config
Extracted
formbook
yurm
X06d1tis1GUX/R0g87Ud
BKiZ33D1P766GVXO1ZwV
lAFdjB7CSxGX8Trz
Gc7dWizTVxWX8Trz
tDkr9JAfi1OHAW1PGOageIp4
bCpMtHKU3mVp8BY5sQ==
7WKpsMWt8nsrhJClJeOZNg==
0A9KTlETQ86Cmd8k0o5NP5RwCg==
aJ61paNJztSp42c=
CrgoA8ySIOsytCbO1ZwV
i46SnHYDD9tTIHI=
XFRCRCjtFZeU3x4Rn3xfD5BnPz+RDA==
c4CZghuHvzW9A31gEz0d
QAjzz9qyRRWBNYseAI4M
Jpbmu4A1YvBvN3ruZgiRmJA5BCFd
PfoFXGNFhhuX8Trz
bqCfk0m8ApAl+Tm1Ms5Tb23IT7tS
z7INff7HNALxc5HWq2/ftrVR6A7R1zvTUQ==
m7IShV4LSFxbqxhrVsZ1Ig==
BHRp7q0gtoRuqBRnVsZ1Ig==
SnqEhE/pEKitAVYv+MtfgDwL1EuxZyihRg==
1xpDKRHJ7K/tqQzEfaJvDIeRWI5DZyihRg==
tAQpBfGi8mppxC4LbDQNI945BCFd
nk5kz8aKDecavxHOYeugeIp4
wPYvLS3zK8FvdJFbQVY=
WAATk07VS0xU9Dvx
KdwXaxSYC9G8DG2tUOBR/X3wtEM=
EPQVcwx5eXw9i/E3B9tpP5RwCg==
MN0FmlPPDZiu5zVpA58wA0Q/5F4=
797QsL+c/saMxtZeQFQ=
TISijiWfydvQFQ==
ama7D8Ntnxsr9Gg=
PcnRSFMPjGFm8BY5sQ==
npSIXvRrsj25h91pUHZGbX3wtEM=
0CAJglT6dkKyhZFbQVY=
kL69pLud0pT4Am0=
sG1JDgXWXydt/VHO1ZwV
zxVdYWYhqoHvrt5W2G7a5PL71zEyHIIx
i0Zm9MhPh/vvI3ycVsZ1Ig==
kjRJqKB3nRgihH2kM0E=
/s4LgD5dmCtOBCkprA==
I278sNm5/o/FX2dZBAKYKg==
eP/5flDtVw2X8Trz
Ik9oUEj8hFO6eeK1gJg/xkILDkwPAw==
QIS5jUjlUhtr/VHO1ZwV
RcC5QQyGv0mFC2BnT3igeIp4
NL7LMCoKT93dJWVTHJgywToxAg==
yzhyPgzSYDGthZFbQVY=
PqmV5ObKBpvKUJZYcGg05HtiCA==
/W9bsq7IsDuC
T8LMKrI2jA8BQ4yQVsZ1Ig==
eHof90VMPMXQDQ==
8TSLglnyajdx/VDO1ZwV
ZQYihA2I+rn4g7eQVsZ1Ig==
JCmxphUQ06is5Gc=
H2C6sYYiZPAxoxNnVsZ1Ig==
5NxIrpR6DM2Jd5FbQVY=
vDCXqaJj6Pw2EXA=
CBI+Gdh67Pw2EXA=
zxoDhkPEDpTET7a6Os0tj1BpDBfmYgo=
neEtD8Y0YN7fMV7O1ZwV
W+BPJ/S6QhmScpFbQVY=
iAZaRHA3ZgUpsQvRiZ5XP5RwCg==
CQtXS8LIsDuC
absbox.org
Targets
-
-
Target
3abebb8dc857936bb52c8279602d5c62.exe.vir
-
Size
603KB
-
MD5
a6afef15d5eedcf2a0ff34083fc6c1ca
-
SHA1
5b06db1442948c2686ddc7a9c57aa05084ab259e
-
SHA256
b72a5dfe57144f6949b0b8f3b0792c306dc6fadafc71d8919f7dd0fd2d4bb8c4
-
SHA512
f846f6f0299bc9ac6955fe21eca2106436427f10746406a041856408ad0c90ed7694177b6044ba0117c0d09184c3d62adbea0a26156ba4f4d632a33e6adcb6e9
-
SSDEEP
12288:g4cYY+jIxUzR+tl70wrhRLjvlnL7xC4g2z3tUqPAO1ItKVLWbYUPXebv:g4/mxUEX70wbp7PTbtUwN1dVTbv
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-