General
-
Target
lib64.exe
-
Size
202KB
-
Sample
221207-gbp6fsce41
-
MD5
676380743dd23f61e18c1e044105168a
-
SHA1
387fbee19170c2ddc8c4faa2b38131fe9b3259de
-
SHA256
d8b2ccbb31253f78340e5a95ac72cb871e52338526817cc5db09107becaf7b36
-
SHA512
685d3bf901993ddec9a786132f1f9e9b48c6d8697fdce67f26813b0e1d1b1b2419d37db35c43829578255b51d80877a243b395d2a4423eef4174b5168dfc8b14
-
SSDEEP
6144:qxAVDI/PTDCC4vX7NYEpItOeDwh0UkezRpt:qxAVD6Pn0v+EaOeDo0yzRT
Static task
static1
Behavioral task
behavioral1
Sample
lib64.exe
Resource
win7-20220812-en
Malware Config
Extracted
formbook
s3f0
worldhealthfoodfair.com
Targets
-
-
Target
lib64.exe
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-