General
-
Target
RFQ No. 980007 & 983185.exe
-
Size
239KB
-
Sample
221208-2askeaef7t
-
MD5
a9ee4f66b0686b6696d2853667da9c18
-
SHA1
6c4ec8743ac76cd05fc33ba3d05e82c47d87ecce
-
SHA256
05740669c4c15fd382ace1ce3a03d78ad0bbd9b1dafa5d22d13fea990e07e65b
-
SHA512
d222a4cc4ea8b89b6aa66eee2f2ee0510cae392e15b04945e75baf3db7302ff9e9b8d063dce021096b539e26c26ea3478ecb4d17f3d763ff1f60a98e9c6a20c9
-
SSDEEP
6144:xBnYpMnlMPjMn6m3AWilyG6M2abL9cBjr8Jiw:UpglZ6m373G6M2alc9AJX
Static task
static1
Behavioral task
behavioral1
Sample
RFQ No. 980007 & 983185.exe
Resource
win7-20221111-en
Malware Config
Extracted
formbook
m5oe
HdR8hG6r12hBYuHY4zv6YeeFPQ==
tD1V9gswYvgQXEGd
1xKtJ1LdqRYMRMC84U1A
MbhjiWb7Lz8z7KIWl3UyUIJwA6Tb
joVB5Xggy2RtE+odsZg=
TrduAIay6Y3SvoIK20xI
pSna7LOsXXwXT/zz3Iow4g==
QnthmO4Qst5gC3sDoA==
eAirzOOgO7SOCenz3Iow4g==
xg0uSbfLTg==
YWQXwyGRzPEHzGrDFE8CBSE=
ujLnfuXoH9dbgHIK20xI
291v0XsGFrYQXEGd
MRvTd/qMuaHpjCM=
X131fLC6VWX4MsvCb2IPjIfq8wlksWfg
Y9Bur8DbgqFt/Yni86MMCCE=
q6RTBmJkmy5pWTmmCCrvmuCDPw==
mQS26DojT+EQXEGd
sjHQ+Kav2Wx9FeodsZg=
JA24UKnTA5re1LhcQaVo/w==
+nMYDuKNduLsjSE=
0Y9DVy/Tc9l+yjQ=
y7lwdkvTChreCREDpQ==
Ii3WdB9OaKHpjCM=
CMWQ4A8JKbwoNFp9nu7t6g==
gbV4IoyzQljj18uoLgjx6g==
6K5hYUwJtU5ySf92shofvBfYrldksWfg
HShGoi6WeQZh
+XRHCtltpLisZhq8oQP3tsIn
H92Mnqi1WFbtCREDpQ==
ScNmhoycwTWCnCciRLFr/A92fk4lLrXv
/mcDDzqp2eN+iqKcQzk8IFpI47Z1oDSkYg==
4Zw22mgivXjUVwsKrQ==
H6BuCCqWeQZh
AXgnNxLA5SJB/+odsZg=
ewIhwqy9EmQJYg==
r2QP0TaWeQZh
wH0tLEHAY/MrFNYtfK1ScJWi7cI=
CC3fiO5tJLm2VNIwxwNPYSP0u4nR
Fx7Zhw2aS6HpjCM=
IJxWlqZEdZpwDuodsZg=
yUjv9d2BuOS0KOodsZg=
3p9Rc2X7ORpG8LMaPbR8DkBwu0YHcGeudQ==
1HEaIfD3b79KiDEL3Iow4g==
wWMAE/eTvqHpjCM=
vLlwIqnDnTWyCREDpQ==
5Zw354BpX25V+MYFrJI=
bqtnHoun2nf7CREDpQ==
rWETGOZxl6iRGP8fuokZ/GMv
sn1e9rsTPWA=
nN+z3PKiu6HpjCM=
qifMPKbZgoXSZjD1FJA=
wJAvzTSWeQZh
XYVBzCOsTvAQXEGd
tCi/4MTHdZ9v9pT5FGwZ/GMv
uWdW5jhhSjC67o2V
IejMbKK5EmQJYg==
2ptC9k/Nex0+/uodsZg=
69+iVeaYNOokmEsorQ==
f4MkxCEdWBSt5WJD5cLF7EoRn8M=
d7dR4opPbeIZwWovuA==
4alR50ZbhAxOJfHUaVhA
g403rfwQH7w9ZvHron4xbLDfMg==
m9aSQLs51jmh18uoLgjx6g==
singglostudio.com
Targets
-
-
Target
RFQ No. 980007 & 983185.exe
-
Size
239KB
-
MD5
a9ee4f66b0686b6696d2853667da9c18
-
SHA1
6c4ec8743ac76cd05fc33ba3d05e82c47d87ecce
-
SHA256
05740669c4c15fd382ace1ce3a03d78ad0bbd9b1dafa5d22d13fea990e07e65b
-
SHA512
d222a4cc4ea8b89b6aa66eee2f2ee0510cae392e15b04945e75baf3db7302ff9e9b8d063dce021096b539e26c26ea3478ecb4d17f3d763ff1f60a98e9c6a20c9
-
SSDEEP
6144:xBnYpMnlMPjMn6m3AWilyG6M2abL9cBjr8Jiw:UpglZ6m373G6M2alc9AJX
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-