General
Target: fifth.exe
Size: 736KB
Sample: 221207-gcytzshh83
MD5: f4937a3e14c770221de47df00885285b
SHA1: dc22ac92d802f7339691082330dc36a236e86644
SHA256: 1235cd108420d0531298421c807f494e09133bdab337a0d13c6e1bb7ebf239c4
SHA512: f06d1eaf53b7027a768f24d15f8b9cf099145f77765c8ef6a8577f37633ccb147f6d3038a46bce5c21de65b6bd78ab14636d6d233497210af07b2923a0b0c4c7
SSDEEP: 12288:JwlQbmomPZefXPtqvyuQwYvCYDAD9AxDZCCjM+9MQJQv8vgUycEn/z:iomxiXQFwv1M9KDZCIMpQDgUDyz
Static task: static1
Behavioral task: behavioral1
Sample: fifth.exe
Resource: win7-20221111-en
Malware Config
Extracted
formbook
06eh
taplan-ms.com
Targets
-
-
Target
fifth.exe
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-