General
-
Target
DHL_INVOICE#-00834.exe
-
Size
262KB
-
Sample
221206-htaddsgg51
-
MD5
c4c96fd02d8673927cf596fc80cd8647
-
SHA1
8b5c6d26685f5c0373ba95ea3f5c76e19a1548de
-
SHA256
e90c54d32e7a267681bef788fefb68a4a6ed2c74718039cd5d5fce43c6f33377
-
SHA512
3f72d7cee8db3e880b33ef483f5e706d2e9308582d60385660a2ae4b37a7e879cd7fa01b1c583e0e7399b51f9887ce384333754282c783d85953ff0edaf17696
-
SSDEEP
6144:NBn0lN4V4dffxSB8diLsh6JUIbcubtlVzNb:EDXxSBxLshR/ubzVh
Static task
static1
Behavioral task
behavioral1
Sample
DHL_INVOICE#-00834.exe
Resource
win7-20220812-en
Malware Config
Extracted
formbook
g2dc
OqIwFVmXHnPUgdurr7I=
0YwewYtWNLZdkF7Q
HFT6VwOYdkifOpbT1h9DcYQ=
D+zGTvGlpriTumzBbw==
gMSID89/QqMV8yjH
HN5/g0/3yJBsnZCig9Qf
Hl33xdRU8xaC1rY=
/rhq03DorPAUH2bSp6228fGQ
gBwzCyfHge9SumzBbw==
NuOmK9+fenLQa9urr7I=
cA4+yKM4IQjpFwMt1BQEUJ1q6y0=
gpK3pqdoVNu93yS0uhocUtQmtQ==
3i3tx82Rf7yQdIyeprA=
FTo+4qVlVK7gIgxi0g3bUA==
7kDtq4wo6+cV8yjH
Dc123pIo9vcNuR9pwkQ0pPpHvQ==
KYREtH0zKNiI374=
Tok2qF4n2XOiRw==
DYFtA6ZXUJfA3MLhRtTVTQ==
C8poIeeskBCxEYHIbQ==
SphQtzv393fpQTmDIBvxFxyuxIK4BJWOUA==
AB4x79KRi4GW5kKig9Qf
IVcHfD3hpGSLl9+IRtTVTQ==
PzAWlDfYi/FTumzBbw==
c8KfRhi+nW2XvNurr7I=
UsixbWn3uiCIyfadTEkZUtQmtQ==
g4pzHPfEqsDb8rw=
r0hgJQncv5PCYr9RvAvxdJM=
yFlw1kAR9tY=
SVpSBeSERrimumzBbw==
uppZPE0xxRFA2yhWqvDARw==
zRjhy+RmLa2WDW7Sp6228fGQ
liYa0MmYn+0fseEDsP5EgcEftw==
MH4a78axhU2Gydurr7I=
2UQv2aEq56DO6iHF
CFomvat2Vcmz09urr7I=
q2kjkxkeyEk/k++FRtTVTQ==
BG5M2sVYFP1V7UOig9Qf
+ibWP/CKeEBw/kaig9Qf
+UsepVwfAGme8WWvyx9DcYQ=
zHJ/UmYN3lGOrY+sNUUaUtQmtQ==
A9rJR+iHRJ8V8yjH
f1c45sZoONiI374=
TaiXlThWwWrIWg==
Gno6rEkmp43vR3d+pas=
YBKzbS8Bi+0Zo/+psqY=
fygs4+dfFHRSbaE+dLAcexvc6t1n
QvyqxGh3/kh3mYnP
ZPYN3O+UTaMV8yjH
hItu96hZQKPkgrjbRtTVTQ==
gYpp/ZKAQpnIWQ==
ryD0gz7Ih29Zh2y3YGI8u/hFFEWMlw==
o1Twr45FQSldcrwZvP8OUtQmtQ==
4QL6n3gqFwRwAkaig9Qf
kN++Zyvv6yJ6ydurr7I=
SdK4Rv6Qb8w4euccuaU=
ve5+E9JwSEMjOWfxfILEq9CY
P6aMLe6ofmKIoO0U2SmtHYI=
8+bJXD3UknPOa9urr7I=
QPyWSRCfXL+mumzBbw==
8ejIbB/mp6G66Ankdw==
n96ZDb2Ab8j2gtYe4x9DcYQ=
XmRT2XUg/1w+Wn1hdH3FMIw=
LN6J745INyFTPR9kCRUX
yogaguerilla.com
Targets
-
-
Target
DHL_INVOICE#-00834.exe
-
Size
262KB
-
MD5
c4c96fd02d8673927cf596fc80cd8647
-
SHA1
8b5c6d26685f5c0373ba95ea3f5c76e19a1548de
-
SHA256
e90c54d32e7a267681bef788fefb68a4a6ed2c74718039cd5d5fce43c6f33377
-
SHA512
3f72d7cee8db3e880b33ef483f5e706d2e9308582d60385660a2ae4b37a7e879cd7fa01b1c583e0e7399b51f9887ce384333754282c783d85953ff0edaf17696
-
SSDEEP
6144:NBn0lN4V4dffxSB8diLsh6JUIbcubtlVzNb:EDXxSBxLshR/ubzVh
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-