General
Target: SecuriteInfo.com.Variant.Jaik.107269.23782.2039.exe
Size: 270KB
Sample: 221207-bv8t1sfb6w
MD5: 0ff8e474e408769e00d0a563fd112b6f
SHA1: a2c84573b26a5c8f928a07c642b5bdf01c4c842f
SHA256: 91b5a61f0615710ef9ca5fd015e1cbe36b908516c5882463e4bdc694133c0829
SHA512: efa2bd96ef3f480d05cec21e61c77376ab36d75a373d9f3ab2027f782c31c8b957fc1a350119c64a3fcd2d55c65ef6647de03abc5ad0d24cf71e1b4c57490bed
SSDEEP: 6144:QBn1o2vrhVpx41JVnhm643WTQWRlq3B3BQjD32nPcPj:gXhVpm1PCE6xQjSW
Static task: static1
Behavioral task: behavioral1
Sample: SecuriteInfo.com.Variant.Jaik.107269.23782.2039.exe
Resource: win7-20220812-en
Malware Config
Extracted
formbook
sdq4
yceiei.rest
Targets
Target: SecuriteInfo.com.Variant.Jaik.107269.23782.2039.exe
- Blocklisted process makes network request
- Executes dropped EXE
- Checks computer location settings (looks up country code configured in the registry, likely geofence)
- Loads dropped DLL
- Suspicious use of SetThreadContext