General
-
Target
Consignment Notification- 705643291.exe
-
Size
226KB
-
Sample
221206-krldzsbe97
-
MD5
a60cbdaf4f35894d7970f9bcf606acfa
-
SHA1
fe4a22af06fb8d122065dfb0683a7dd9c6baae9a
-
SHA256
6a7b8ed7f2cfe7f8a3030df54f1ba443025c54e5a15d416469aac2a696d7bf1d
-
SHA512
7b9822089f6251b116e589140473e8f671568bd45b954c505ab77163210594fd4a4b0905d9dce3b601d50ee217e8f4c06f9fc05cae84873b2498f8c1d3d7b323
-
SSDEEP
3072:QEhKzShSycSMIZLq4ziw2z2nsfvTdob43u27OP4XrefAKNdOR6XgrhedPZphUYk:QBn1Ig4DvNb43m4qO4Qr85k
Static task
static1
Behavioral task
behavioral1
Sample
Consignment Notification- 705643291.exe
Resource
win7-20221111-en
Malware Config
Extracted
formbook
yurm
X06d1tis1GUX/R0g87Ud
BKiZ33D1P766GVXO1ZwV
lAFdjB7CSxGX8Trz
Gc7dWizTVxWX8Trz
tDkr9JAfi1OHAW1PGOageIp4
bCpMtHKU3mVp8BY5sQ==
7WKpsMWt8nsrhJClJeOZNg==
0A9KTlETQ86Cmd8k0o5NP5RwCg==
aJ61paNJztSp42c=
CrgoA8ySIOsytCbO1ZwV
i46SnHYDD9tTIHI=
XFRCRCjtFZeU3x4Rn3xfD5BnPz+RDA==
c4CZghuHvzW9A31gEz0d
QAjzz9qyRRWBNYseAI4M
Jpbmu4A1YvBvN3ruZgiRmJA5BCFd
PfoFXGNFhhuX8Trz
bqCfk0m8ApAl+Tm1Ms5Tb23IT7tS
z7INff7HNALxc5HWq2/ftrVR6A7R1zvTUQ==
m7IShV4LSFxbqxhrVsZ1Ig==
BHRp7q0gtoRuqBRnVsZ1Ig==
SnqEhE/pEKitAVYv+MtfgDwL1EuxZyihRg==
1xpDKRHJ7K/tqQzEfaJvDIeRWI5DZyihRg==
tAQpBfGi8mppxC4LbDQNI945BCFd
nk5kz8aKDecavxHOYeugeIp4
wPYvLS3zK8FvdJFbQVY=
WAATk07VS0xU9Dvx
KdwXaxSYC9G8DG2tUOBR/X3wtEM=
EPQVcwx5eXw9i/E3B9tpP5RwCg==
MN0FmlPPDZiu5zVpA58wA0Q/5F4=
797QsL+c/saMxtZeQFQ=
TISijiWfydvQFQ==
ama7D8Ntnxsr9Gg=
PcnRSFMPjGFm8BY5sQ==
npSIXvRrsj25h91pUHZGbX3wtEM=
0CAJglT6dkKyhZFbQVY=
kL69pLud0pT4Am0=
sG1JDgXWXydt/VHO1ZwV
zxVdYWYhqoHvrt5W2G7a5PL71zEyHIIx
i0Zm9MhPh/vvI3ycVsZ1Ig==
kjRJqKB3nRgihH2kM0E=
/s4LgD5dmCtOBCkprA==
I278sNm5/o/FX2dZBAKYKg==
eP/5flDtVw2X8Trz
Ik9oUEj8hFO6eeK1gJg/xkILDkwPAw==
QIS5jUjlUhtr/VHO1ZwV
RcC5QQyGv0mFC2BnT3igeIp4
NL7LMCoKT93dJWVTHJgywToxAg==
yzhyPgzSYDGthZFbQVY=
PqmV5ObKBpvKUJZYcGg05HtiCA==
/W9bsq7IsDuC
T8LMKrI2jA8BQ4yQVsZ1Ig==
eHof90VMPMXQDQ==
8TSLglnyajdx/VDO1ZwV
ZQYihA2I+rn4g7eQVsZ1Ig==
JCmxphUQ06is5Gc=
H2C6sYYiZPAxoxNnVsZ1Ig==
5NxIrpR6DM2Jd5FbQVY=
vDCXqaJj6Pw2EXA=
CBI+Gdh67Pw2EXA=
zxoDhkPEDpTET7a6Os0tj1BpDBfmYgo=
neEtD8Y0YN7fMV7O1ZwV
W+BPJ/S6QhmScpFbQVY=
iAZaRHA3ZgUpsQvRiZ5XP5RwCg==
CQtXS8LIsDuC
absbox.org
Targets
-
-
Target
Consignment Notification- 705643291.exe
-
Size
226KB
-
MD5
a60cbdaf4f35894d7970f9bcf606acfa
-
SHA1
fe4a22af06fb8d122065dfb0683a7dd9c6baae9a
-
SHA256
6a7b8ed7f2cfe7f8a3030df54f1ba443025c54e5a15d416469aac2a696d7bf1d
-
SHA512
7b9822089f6251b116e589140473e8f671568bd45b954c505ab77163210594fd4a4b0905d9dce3b601d50ee217e8f4c06f9fc05cae84873b2498f8c1d3d7b323
-
SSDEEP
3072:QEhKzShSycSMIZLq4ziw2z2nsfvTdob43u27OP4XrefAKNdOR6XgrhedPZphUYk:QBn1Ig4DvNb43m4qO4Qr85k
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-