General

Target: a1c968590da09ecc1af225059c8b86af05f84465ff069b5327ea9c25172201ad
Size: 913KB
Sample: 221209-cl9wdsca99
MD5: 7a37f59f86f494bd672237e660b3389c
SHA1: 811bc7fb1a470ca91165e2450a0fd33e0ee663af
SHA256: a1c968590da09ecc1af225059c8b86af05f84465ff069b5327ea9c25172201ad
SHA512: 8217869012dbc876b900d55c971228e9eabe1171b20c75ac7c0129f74229588fd455135e5155bcd1c751c37e8f369bacb7c9a2201646f218a11c6adffd8b644b
SSDEEP: 12288:T5zlrGP6oP8qZExrT9sg98NBXdAyq+RDN+3bZY+:PiPn5ZwrpH85A9+RDo
Static task: static1
Behavioral task: behavioral1
Sample: a1c968590da09ecc1af225059c8b86af05f84465ff069b5327ea9c25172201ad.exe
Resource: win7-20221111-en
Malware Config
Extracted
formbook
bwe0
my1245.com
Targets
Target
a1c968590da09ecc1af225059c8b86af05f84465ff069b5327ea9c25172201ad
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-