General
-
Target
hbuIgEcnzT30Uma.exe
-
Size
828KB
-
Sample
221206-tdcdlafa4s
-
MD5
0e3d9093a78c09e35a878781b8324dce
-
SHA1
8edccec93f1f626b72794d41308dc019d79c361b
-
SHA256
a4392c3be6ba337f370c0b2170bf46c6c65f0054304f355d40b0b7fffec718e4
-
SHA512
cecdd4049457492d7c564d3180e9ad791f574291fb19575fdbc5ef1bac382492c99a215c2dd1a9ce5dbc1c1c90ed7bc3033988536b56d8198f45deddd7d6923b
-
SSDEEP
12288:JYCcinkg586aWHffUlllYUJ1Q0ydOML09Vjc4eEWBd9njk/:WCZnB5O8fUlQoyVWWVJ+
Static task
static1
Behavioral task
behavioral1
Sample
hbuIgEcnzT30Uma.exe
Resource
win7-20221111-en
Malware Config
Extracted
formbook
bmr1
q05YNsJC4MpYLGAf4A==
6KUzKCvwX0fwzrFQXvlucw==
KA4ZibW1w+hWN5Q=
TfgNq18tIWtsM7h+DexncQ==
zspNqjUKBdJVHTkiMMXJYeF7G53bVvMPoA==
hopQr+b8KzPIbMWvw0Yxir6cyw==
2thmt+17FR/MVsakbM/+w3xGOhopJw==
5gO5gfA6jwna/4FNSPqrvvHyr2A=
kqtr0wr9KaOXVMyDDexncQ==
PNldyz0Boa5cLGAf4A==
Gysor7fqabd0UzTwWp3Zir6cyw==
pMRgV18gtLorB21prX4=
ukpf+vu2u+hWN5Q=
pcS/rO+KmPMj69G9cMHnoSEm59cbIQ==
4fWGzv347bFNDYJeeIHKG5co
WXlRyM2Yn+4Ab1EgRAFHWdGDCzf1
ZPoM+2U1cwMzteOBsHY=
o8jQoNron4sT3A/KomE=
7QX8tTpv/A+YKw==
wFvmV8SY/A+YKw==
95ZJuruBovPziXkgyca4
DMhVqQXTdWLZcWM3IVNtZg==
Fya6G31VF/eHQ+OBsHY=
Q1AMfbPC2yU1IZV9q4C8vvHyr2A=
fRtdZZssSsG3s6Z7
bxBFLS8FnGv/bdOdDdjmfHz9ww==
0YG+jc1b/A+YKw==
lRliT3IEEDJ4ZoZ8a+7meQ==
dI7SuWbu40M=
Z4oXeMBk6sdDMow=
h5BX2BodM4ChJyEJXWhZEIlmBBTw
cYNHnMHSDHNoFn5XDexncQ==
U4uXeMXGel/Yo5F7JWy7ir6cyw==
w30JX9IHAfmEUkjMfJSh
nyYeAHdAO4ibDfK6+QoHkxDjQ0L/
kRNHMSv9qT1YAOi+/YTEubWayQ==
K84SAQbaiIE2JhEBwkI87fHyr2A=
/TfyyBrkRXG3s6Z7
Xm4DxD9z/A+YKw==
Iiod8GDRqTNm
UQavJOBL1PauNg==
5gHqohpY/A+YKw==
p9NjrOfd7y00suOBsHY=
+QwD0hEcmOH9FrqKOoip
t1ynrb95ITDbVcCcYLbyyYAhz/aC86DP
nsJ4j550C9tdGUvpa9jieQ==
2UyPicBXYsG3s6Z7
JcXRsh7oFKPHNx7+VFi2w/Hyr2A=
3AT+4Rqw0TI3s+OBsHY=
0m73TYSQvcdyP7Khu0w87fHyr2A=
0tyaI3KOu9UtnY5MWuNVKWo=
SXV//PAYkeL6tJB6LnC7ir6cyw==
BZ3ZnFfRqTNm
DIiVdbFCcAQd/3FWhBPOSNDjQ0L/
PzqDVoWG2r6rM5N9histir6cyw==
QFxDG5iTNsm3s6Z7
K07iK1LZc1POTrmDDexncQ==
1WJ3D0tnnQICtizlgdNO55Ii
Y3YBWZCixOhWN5Q=
N1AaNH32m3YaLGAf4A==
2wYTDEnS7XWxVTvMfJSh
Um9jMnNrA+BtRUDMfJSh
8eqyDgzQxuhWN5Q=
JbnNV71HXsW3s6Z7
escortsforme.com
Targets
-
-
Target
hbuIgEcnzT30Uma.exe
-
Size
828KB
-
MD5
0e3d9093a78c09e35a878781b8324dce
-
SHA1
8edccec93f1f626b72794d41308dc019d79c361b
-
SHA256
a4392c3be6ba337f370c0b2170bf46c6c65f0054304f355d40b0b7fffec718e4
-
SHA512
cecdd4049457492d7c564d3180e9ad791f574291fb19575fdbc5ef1bac382492c99a215c2dd1a9ce5dbc1c1c90ed7bc3033988536b56d8198f45deddd7d6923b
-
SSDEEP
12288:JYCcinkg586aWHffUlllYUJ1Q0ydOML09Vjc4eEWBd9njk/:WCZnB5O8fUlQoyVWWVJ+
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-