General
-
Target
103.133.110.147_-_OneDrive_-_csrss.exe___4c7135b466d0d97fe0dce29650ed97f2.dat
-
Size
333KB
-
Sample
221209-qyfd7sdc59
-
MD5
4c7135b466d0d97fe0dce29650ed97f2
-
SHA1
fde47b76280185cd1d39e9d22aed3d8e0047814f
-
SHA256
81276296b6d3afcded72b489d0d5b9c7e6e7a13569e3868f6c063489318d2a9c
-
SHA512
bb0820a6ee336942a3a06da0cc2bdc49ea870cde63ff0972ce1559531e473c256590826bd6b4ac5afe913748a4b07d2a7a4be0b4b1d047a7ba5d416329aaa91b
-
SSDEEP
6144:9kw5wnBY2pNRJapeMSZE2dcEtJI5WwYFJ0oPsMf48ZKXQm1s:YBfpf+eMSZ37keP0m1KX8
Static task
static1
Behavioral task
behavioral1
Sample
103.133.110.147_-_OneDrive_-_csrss.exe___4c7135b466d0d97fe0dce29650ed97f2.exe
Resource
win7-20221111-en
Malware Config
Extracted
formbook
f4ca
omFHB5ajfJi1UEIEV9XcoRw=
UBjJkmQPyprdhcFF/bdCWQ==
evGKkBUj1je+otcfpw==
KgvGVeOATSt3nug0BIOm2JvOQycB
Lv6o3K0r9aSjI0lr9fg1txw=
LH1jJb/HieQpsEdqWCQTvX2PmsDVIeg=
99dte0XauJfk6Xv+uQxJFgA1gMktBA==
21FkkGB9gMniDQw2ffu6
r4lKBM/q6TZwVZfS
F+14qHeVWi56KdQ=
BgWXRsVoICMvvQ==
I+EozFl0Uy56KdQ=
xoXCgEllKEbWfjFCCLo=
qo9G1lXvvGt5GkxrLQWw
ORNlYic0PJ2ip4geEFSv
Yj+GFpvFxy0uVYx1fLI/XQ==
XL+veIKPjOTe4fjvFs+n
D2JKVAfuakXCAyoEvw==
voWJU81tH56wvt/vImbCcgVd
dVEcwFrmb8bZ4vXvFs+n
CMlcaOUF6cB+8Bnm2Kc=
NpYV3moXNE+ZQ4f9nVGCSA==
/GRkjGd1acLHyeLvImbCcgVd
R52MlF+Ag+LtFr1QKa7Zf/5a
kVD/mSO1YK75pA==
5q3IANfo/JHiDww2ffu6
4i8RFOH2ACRdhzja
VLWOSRe00XX6sNsijPzqiiWfFgf1J+g=
qnsgRFL46lWG
xo1QHOyKS9rj4fjvFs+n
mIHZlAqzS6ymmpMCU1uyZgE=
WCtjiGCFl/4JTiJ0R60=
c0vpAtZ3fY7TeLfdcnASQg==
Y87Xlic9/1+q3g/pUArVoB4=
kKOsRsf05wBOd67a
dDmgYgOZZ0aCMVwgDha4bgc=
ieXCbvcCyja+otcfpw==
Fd0XQwkTHHaBmNDvImbCcgVd
PK/M6eM8xOwqvw==
Pf0q8MdfICMvvQ==
EO8aPQwf7z2Du+XvImbCcgVd
BeUisSg/Ql6uJcg=
ay2v2pz4gomTESLosQ==
AGjX3ak2B+FyQ9ZKrQ==
Du0y0UXomyoxT4/arA8Du3FvpwE=
xhV7OrDTdonq4fjvFs+n
9+s2xTlaW66p2IAAnVkDQA==
AuS2UeN4Nsvl5vo8J67Zf/5a
B1vK2590RiUuuw==
/709BIUfMCIln8sus2u2aAM=
BMpYckjp699wVZfS
Pf2AqIscEhlpHlnV18IvVQk=
RKUTxUbz/zFroN/LLq+kIdZM
IuuiQ9pj7ZzciLVPiks4Rxc=
0KBn8XAV7NNm2xPxuA==
nv7yBtDj4UNE/ju8er1EZSanBXfyLv4=
sBgf41X1vKTwUspTsg==
5bk4+oQWD+X01tBEqQ==
c08KjxWnau8DDSsESMKNI+P5G/6/sYjU6g==
RJiyeEVj/N3rhNAW3qU=
v6O7hhQxA//+Oyq2ms9DWQ==
7MdHCYCb4OT5pg==
Je0NLgIfKIeFuyjxYD+i
68P+tIkhBdlwVZfS
inthecryptolane.com
Targets
-
-
Target
103.133.110.147_-_OneDrive_-_csrss.exe___4c7135b466d0d97fe0dce29650ed97f2.dat
-
Size
333KB
-
MD5
4c7135b466d0d97fe0dce29650ed97f2
-
SHA1
fde47b76280185cd1d39e9d22aed3d8e0047814f
-
SHA256
81276296b6d3afcded72b489d0d5b9c7e6e7a13569e3868f6c063489318d2a9c
-
SHA512
bb0820a6ee336942a3a06da0cc2bdc49ea870cde63ff0972ce1559531e473c256590826bd6b4ac5afe913748a4b07d2a7a4be0b4b1d047a7ba5d416329aaa91b
-
SSDEEP
6144:9kw5wnBY2pNRJapeMSZE2dcEtJI5WwYFJ0oPsMf48ZKXQm1s:YBfpf+eMSZ37keP0m1KX8
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-