General
-
Target
binL-main.zip
-
Size
188KB
-
Sample
221207-hd4bjafg91
-
MD5
3876dfc155111b62894cac36cf8de039
-
SHA1
a3b6a7d90e475fc5ed8e093c3527e4deb4db9e72
-
SHA256
ae74329d05f75049f9fc301d1ea99c34b4320edd9e3af685c84d47dd69406d08
-
SHA512
6c03ba36d8258d890d46edbbebade92f0a8c54b2f8801a402a635fba18972a4097dae79e312bc2354d09b3166d6441aa6531bdb40c22b9b6fbe521d520b2a8d4
-
SSDEEP
3072:PdroMwND0GQ4zGI/5RT1ygz652b4HDrX/3NYeeDNHkcP7biIkUOuTDcTlgbYm6C9:F00GaI/PTDCa4PX/NY+pIROeDch0okYM
Static task
static1
Behavioral task
behavioral1
Sample
wininfo32/lib64.exe
Resource
win7-20220812-en
Malware Config
Extracted
formbook
s3f0
zm/xqaOkp7SIM6I9k8cYYQ==
R3BJUiYhIJsD50TcNbbEexs=
r92WbDh7DjlsCftKuG56
UmoUBecGa6YL6A==
UQLQ4AmN+i0R
ATNkzEHBHyMM
BSHJi2n11k/Oq+6Mug==
+Z7elo1OY5UH6Q==
dZEf25y+5WLNqDGY9DI=
Zu6ipAkOo1QGo6fHrw==
iquKhUajLOlfLDduk8cYYQ==
6HcbD4jxPzcS
kCkEGSRmmQVzS1l7k8cYYQ==
kpV9fdfeZ3ZO/ozTsg==
Vea2yr7h+HTYxwHH9C8=
j7h4fHeMuGfayAHH9C8=
tcQ2/YKFQAFqYKxQfu09Rjl6FA==
RVYC2MYEERU2x8sXLiY=
dv+nDEaN+i0R
CbNkLJj8EFE0Hmn/LSeqpVhnTmJs
+ZEOpoOkxECzic912Y8PShp8Aw==
a0RqKQgbY5UH6Q==
r8V+RgNeIIkBjs3ZsQ==
7Qv6BWh/PARjOnwukALFRQI=
MUUVLrgDSk8zDkSM8+Vr
GzbbrHzx8TsG
HKl5kIqcyQf+5PcjBw1LgSt2
OeGPjRA81MyxjxlMIjg=
ModfBJr4pVI9HDU=
WxEkl1ieterVowJWOqwntZa8jK4=
5A+whwjta6QR8A==
ITMeM7j1ophzQ1lv4+xedg==
mMRuTEalMPNTPIYLZh+mLvlU+oyOCxOwfg==
Nrowi6Wgx3HlvAxnk8cYYQ==
VdxwOYbxSz8O/g==
MsFyPR9WdOdW/ozTsg==
cnUhYEcPQ4nuzA6Sug==
nkIK4UmbRz8xCh5CNCFyL+9LEqmUCxOwfg==
Ib0g7nBq49zFnOx+uLQtIdI07P/DGB2Q
tmM4VN0U2uIG3/5O
ZQGERYSVSgxiQ2GHu/ZCeA==
fxTMo6QIqrqdeoigPvxIfA==
OlPprpwDnsy9g7UMvu9y
E+56QVJyxgiuTE6Kug==
ydqQfADocyDUZa5L
n0W9d8X4os55RTw=
cBHV2GKtsOfafu+VpQ==
1HQCWd878ufauAHH9C8=
jrFRNQz6Id5PFWD9La3wdpa8jK4=
jy+7SS06N7ci7UKXgvJDaQdWJXhYiA==
11cuU20ltrJKPys=
BqUx71KxwGPeq/ST8Koytpa8jK4=
NkrsRrjtns55RTw=
sUj218/A3SEa3irUPLbEexs=
t1f0viixHSUM
x2PtpvQs2si/h81ThvE4Rjl6FA==
UPnS6Eg3yIDesbng0j6OtU/X1cByfdE=
uGtfm4RJY5UH6Q==
+5FJF/1Ozoro1QHH9C8=
PVcAup3f+jI=
9Ik+OaG4Qzgj9jagPvxIfA==
sUkveHFEY5UH6Q==
kCuqZrX8CrQW+ghcwwNBBbYk4vvDGB2Q
bJpcLRmx+yMO
worldhealthfoodfair.com
Targets
-
-
Target
wininfo32/lib64.exe
-
Size
202KB
-
MD5
676380743dd23f61e18c1e044105168a
-
SHA1
387fbee19170c2ddc8c4faa2b38131fe9b3259de
-
SHA256
d8b2ccbb31253f78340e5a95ac72cb871e52338526817cc5db09107becaf7b36
-
SHA512
685d3bf901993ddec9a786132f1f9e9b48c6d8697fdce67f26813b0e1d1b1b2419d37db35c43829578255b51d80877a243b395d2a4423eef4174b5168dfc8b14
-
SSDEEP
6144:qxAVDI/PTDCC4vX7NYEpItOeDwh0UkezRpt:qxAVD6Pn0v+EaOeDo0yzRT
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-