General
-
Target
25d4c0553804fbcb055f1465780cfd4b920fb2d9e9eaaac87f7c1d0cd8e9f584
-
Size
224KB
-
Sample
221206-jxpg6agh39
-
MD5
f1f6b87aa6a7bb1c6a2beda153fc607b
-
SHA1
2964b06681eefb74a586b17756428d6c0cc08bdd
-
SHA256
25d4c0553804fbcb055f1465780cfd4b920fb2d9e9eaaac87f7c1d0cd8e9f584
-
SHA512
694c35b6c161358628c0f6ec0d3233fd7b2ade2cade6547f9cfd447e46c52dd0226d95f35da0a8c57f58bf5ace49d20c49cac36ad2d327f6c90cff755ea819cb
-
SSDEEP
6144:QBn185+KUnqBjp5S+xXVkWo3zAc/Enof7PdS5EYEdB:gaAyjp5SCVvo3zgof7P8+YEdB
Static task
static1
Malware Config
Extracted
formbook
henz
IxWMb+jVsoinShuZJzk=
TPfKgQZ//oGnKr/J
EsK0WxD5kY65XOW1Td/5CxSUpCUytR7M
KebSmiCP9p8yUw==
HAt/ljkEuqMLHOLCi53Pv8MKX9qk
CY4ogZTwJc4vSw==
WWDIx5UYUDyepntE0YIAPca3/rI=
+Pkr01Lfb2rME7bL
S5nyK0p8jS2xdwQ=
W/oqvlO57LfkLcLHnQ==
zrrwtqkTLwxulm4l8FGopw==
AqucYext8bzFbOKthIm8E6gfVkUHxKY=
OfnjeDs78+RTcz4OHRl+
XKf1wwpZR5hLLjHgmUGOpQ==
JMyhSLoJPTCwn5o9zX2d8i1+
Wk54MBsDhWSVbnIRkQ==
7aaYR/tOhh9piTw5/KHSRwuK2iqgafw7pQ==
hH/EYxN+jC2xdwQ=
S0F4ORqDjS2xdwQ=
0o/UwXnuJ+sJp0cOHRl+
klE+E/jVelhT72wOHRl+
ZGvqyzaT9qfME7bL
czgajHaygm4=
KufYeyTiLhIGlzU6/38IM7IrqzhFa64=
oVNF+2VXWBL9jwGsK3Bw5TE=
iI3g6JaEalRvMDaz8AD4+vt0
nWtRAaSccRlLVg==
NtvDoS2UMcMRSA==
1t5MW/lEfjsUrFJeGXBw5TE=
UFixmi+P2cgqPRj09Sc=
MSuTonT5QhU11IGFYWKB6eJj
k4Lw3r+hTj9NF8+zgnu+Nsa3/rI=
NSN7fCqHln/S+RuZJzk=
dTUV1GY97NlVLsaSJXBw5TE=
8u5OLgNPRShyRRuZJzk=
BLTZ0G3iV0B5PvedL3Bw5TE=
ci8Y27nGCM69
JxF8W9/QoC2xdwQ=
KusZC8MsPClL1oMo8SA=
tW9XIP/VYTmVpWIDjIu1p5/ebhC9
pmc//mhFFgx3l1IOHRl+
MOsl9G5hQT6lhc0oLHWtrQ==
fXvSx46RRSiGjWphOnO0p8a3/rI=
D8Hx4JoDG+znbnIRkQ==
Dsfu2pqFJP0Kv0gX1CGX3Sw=
FcGnEr4fhW7ME7bL
hkc37Y3GF8gTMAw=
dnGZWjqPqYqgTxuZJzk=
iDEV43sIvE1j7psMiQ==
vb8qEoNQBus+mQXst1h2
46qCRt3j3cfneiudJjE=
8eoYvzW2PgDrffLWrav++Mf1TUUHxKY=
vqkFDa0HYztZ+G8ODZ7Qug==
+K/F0qEnTxACrzMR2OocXxecmq31afw7pQ==
Egwn/u1rq2uVbnIRkQ==
nFVH/3fvalaRbnIRkQ==
CvtveEUyyqUJLOiOKnBw5TE=
dmfN5LErTj9l/Icl8FGopw==
VAQtEMawYiNPaTxLIxdbpD9sZL0=
MBSMhSCOHdpCVQ==
jz95eCeaJc4vSw==
85N/Gcy+XicYq0cOHRl+
D/1B46soVTKObnIRkQ==
Hgytgwn25KqyVRuZJzk=
brennancorps.info
Targets
-
-
Target
25d4c0553804fbcb055f1465780cfd4b920fb2d9e9eaaac87f7c1d0cd8e9f584
-
Size
224KB
-
MD5
f1f6b87aa6a7bb1c6a2beda153fc607b
-
SHA1
2964b06681eefb74a586b17756428d6c0cc08bdd
-
SHA256
25d4c0553804fbcb055f1465780cfd4b920fb2d9e9eaaac87f7c1d0cd8e9f584
-
SHA512
694c35b6c161358628c0f6ec0d3233fd7b2ade2cade6547f9cfd447e46c52dd0226d95f35da0a8c57f58bf5ace49d20c49cac36ad2d327f6c90cff755ea819cb
-
SSDEEP
6144:QBn185+KUnqBjp5S+xXVkWo3zAc/Enof7PdS5EYEdB:gaAyjp5SCVvo3zgof7P8+YEdB
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-