General
-
Target
SecuriteInfo.com.Variant.Jaik.77520.20069.28067.exe
-
Size
332KB
-
Sample
221209-bvntvaca57
-
MD5
a3bd608d019d827e4eee68f67f39a444
-
SHA1
6e9874bac7b065a42110cef5c1b060de94123b2d
-
SHA256
2af0bbe87c28664ad5b453eae02d512f770962319673b9c494d85b717a6f9edf
-
SHA512
6b73f10a981a23c9ba0fee05d24b77b15220716172e8b48dc7d2e409e774e6fafbcdced2d5832a21f5863c38f51d553a51e1ad5ae15f7aae5d824366f2a289d8
-
SSDEEP
6144:9kwmZ6RfPyO6qBUnqk5yx+9JjOGNE1STKB7xUbGpn9C+xv0/159Xmj2pO6GInyw:qZ6RfPyO6ZqN7GNsTVxBp9PdK5XmK5p
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Variant.Jaik.77520.20069.28067.exe
Resource
win7-20221111-en
Malware Config
Extracted
formbook
k6n9
NzUYPBPnE+UWNJX0b/5zZQ==
ZcsDmdfNeiREr4loZ9k=
p4Pecr+pmTFp+Az4AGoSpvqp
4jwUP0ApYThdpDmZcNp+xuej
0tmQjRQKSQbR0N86
MgfR+qwWljDdagbsn8Ukr8bc8A==
shQ3YCpOQPp/9g==
Q4mmwEidJLBJug25c6Vxcg==
OM1kEJDdGNpv7nMy
7FmP1iykTQZ7q0Hq5g==
9lVGWV44H63+A5oGc6Vxcg==
Bs97fiCGUye5Osm9xsOYZnb8SEC+YszE
xJMBmQj3MRDV7MBXzEep
mJpebAH7RkkGGbsZwZ/weg==
u6FXU+JCphyVyCsUBP0Spvqp
B/mwulPBDRm5q0Hq5g==
E+JiHcUb7gR+8A==
BgGOL5SLfQ9BzuPDxzeVKEIuOKDL
wZdfmzTbOcnEF3Mi1QnVpPCo
J63Z+Jv5L+JOhd+zc6Vxcg==
IgTWNszonS66
JJLVZ5p7Ye0esJBFKpB1gp9qPIXB
SJpxmaKEh/Dwe0xyZNE=
xsUw0kqVZjjMGbsZwZ/weg==
oJ5hawcALz0Sck8=
oF0OIcLonS66
wKMurq0dfQ29Fm0k01KpXnwOVkjtHSIsJg==
3spAtPvj0mNaliiTLSP7sQR9+A==
27cSuCoUOfHyYT6YTj4R3zYuOKDL
+QffF/FhHSEZZ00=
JASzumTKM8Zyy91Hw+3a1u93+g==
lIZZlGTVTd1go7VXzEep
PhCGHoZseeSv7Ufz7g==
9GfPX450yp6fEOKD7VGw
ObrDtmPKL5M0orJXzEep
AMt6lj+3ZQyzP9nVn8Ukr8bc8A==
cohLVe5E1vSL+g==
GRSfJ3xdm2hr5e3h80+sesp2lda+YszE
LiepIk4+Pbu6A4c2DfwSpvqp
1GCzadTonS66
aeb9JhiHQ/0SRvJaHf0Spvqp
a9UNouPB9PVWkJQG1sSh
tzEz87wg7gR+8A==
k5MSpgToH/IDgExyZNE=
imO/dAho3XYUU6iBhnhDGC/RD343JA==
PRefVZXonS66
c+hD7BXuNyQxb/Guc6Vxcg==
0BkTBTyNDRG2q0Hq5g==
4bdhB0c5FdLNXkOXUj8dHjtIUoWbHSIsJg==
WSPnIPRmJuZwq0Hq5g==
0LEjqQHx3G55sUxyZNE=
sRD+EO9b7gR+8A==
VzzLZdLonS66
5t9I60w0byjMEWtXzEep
CXOCrZYBawPAGbsZwZ/weg==
WyuEKrEdhXpg2cFXzEep
ifc4vsCPSgYbc00=
SKOdlgStLdZ+jzYO+w==
iYsRh7aXhz0Sck8=
6LNS7gHx7gR+8A==
bMK9y7CHUQLr9lQFzsah
3L95egVeMQuwPZ0Cc6Vxcg==
MH9ZeW3pUtZbb1c=
qa1H5E07ZAnR0N86
api2022.top
Extracted
xloader
3.Æ…
k6n9
NzUYPBPnE+UWNJX0b/5zZQ==
ZcsDmdfNeiREr4loZ9k=
p4Pecr+pmTFp+Az4AGoSpvqp
4jwUP0ApYThdpDmZcNp+xuej
0tmQjRQKSQbR0N86
MgfR+qwWljDdagbsn8Ukr8bc8A==
shQ3YCpOQPp/9g==
Q4mmwEidJLBJug25c6Vxcg==
OM1kEJDdGNpv7nMy
7FmP1iykTQZ7q0Hq5g==
9lVGWV44H63+A5oGc6Vxcg==
Bs97fiCGUye5Osm9xsOYZnb8SEC+YszE
xJMBmQj3MRDV7MBXzEep
mJpebAH7RkkGGbsZwZ/weg==
u6FXU+JCphyVyCsUBP0Spvqp
B/mwulPBDRm5q0Hq5g==
E+JiHcUb7gR+8A==
BgGOL5SLfQ9BzuPDxzeVKEIuOKDL
wZdfmzTbOcnEF3Mi1QnVpPCo
J63Z+Jv5L+JOhd+zc6Vxcg==
IgTWNszonS66
JJLVZ5p7Ye0esJBFKpB1gp9qPIXB
SJpxmaKEh/Dwe0xyZNE=
xsUw0kqVZjjMGbsZwZ/weg==
oJ5hawcALz0Sck8=
oF0OIcLonS66
wKMurq0dfQ29Fm0k01KpXnwOVkjtHSIsJg==
3spAtPvj0mNaliiTLSP7sQR9+A==
27cSuCoUOfHyYT6YTj4R3zYuOKDL
+QffF/FhHSEZZ00=
JASzumTKM8Zyy91Hw+3a1u93+g==
lIZZlGTVTd1go7VXzEep
PhCGHoZseeSv7Ufz7g==
9GfPX450yp6fEOKD7VGw
ObrDtmPKL5M0orJXzEep
AMt6lj+3ZQyzP9nVn8Ukr8bc8A==
cohLVe5E1vSL+g==
GRSfJ3xdm2hr5e3h80+sesp2lda+YszE
LiepIk4+Pbu6A4c2DfwSpvqp
1GCzadTonS66
aeb9JhiHQ/0SRvJaHf0Spvqp
a9UNouPB9PVWkJQG1sSh
tzEz87wg7gR+8A==
k5MSpgToH/IDgExyZNE=
imO/dAho3XYUU6iBhnhDGC/RD343JA==
PRefVZXonS66
c+hD7BXuNyQxb/Guc6Vxcg==
0BkTBTyNDRG2q0Hq5g==
4bdhB0c5FdLNXkOXUj8dHjtIUoWbHSIsJg==
WSPnIPRmJuZwq0Hq5g==
0LEjqQHx3G55sUxyZNE=
sRD+EO9b7gR+8A==
VzzLZdLonS66
5t9I60w0byjMEWtXzEep
CXOCrZYBawPAGbsZwZ/weg==
WyuEKrEdhXpg2cFXzEep
ifc4vsCPSgYbc00=
SKOdlgStLdZ+jzYO+w==
iYsRh7aXhz0Sck8=
6LNS7gHx7gR+8A==
bMK9y7CHUQLr9lQFzsah
3L95egVeMQuwPZ0Cc6Vxcg==
MH9ZeW3pUtZbb1c=
qa1H5E07ZAnR0N86
api2022.top
Targets
-
-
Target
SecuriteInfo.com.Variant.Jaik.77520.20069.28067.exe
-
Size
332KB
-
MD5
a3bd608d019d827e4eee68f67f39a444
-
SHA1
6e9874bac7b065a42110cef5c1b060de94123b2d
-
SHA256
2af0bbe87c28664ad5b453eae02d512f770962319673b9c494d85b717a6f9edf
-
SHA512
6b73f10a981a23c9ba0fee05d24b77b15220716172e8b48dc7d2e409e774e6fafbcdced2d5832a21f5863c38f51d553a51e1ad5ae15f7aae5d824366f2a289d8
-
SSDEEP
6144:9kwmZ6RfPyO6qBUnqk5yx+9JjOGNE1STKB7xUbGpn9C+xv0/159Xmj2pO6GInyw:qZ6RfPyO6ZqN7GNsTVxBp9PdK5XmK5p
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-