General
-
Target
Invoice.exe
-
Size
993KB
-
Sample
221209-rk4qbagb81
-
MD5
6f4d64fcfbc82b91eb1f5e9fcffd15d3
-
SHA1
1ebe973942db3da29de1dc292b8a0c8601f1e7a0
-
SHA256
b747df969c4c80638e92b68759a8ced53c3d14bf705ad0fece792a566c9f3de9
-
SHA512
073b24ff9c67c8005419678674f2aa79b72a38566a5496023def857379a7a2b8e4468d3f2803da81900eb3c8d80809e6d9a20fea2ef9c7a94f726f27cabc038c
-
SSDEEP
24576:LIfkZ8IvMSd+WmvcGi+Dgr1hJsOSt3RpLJjpF:LNhvgOGNDO7Hyp
Static task
static1
Behavioral task
behavioral1
Sample
Invoice.exe
Resource
win7-20220901-en
Malware Config
Extracted
formbook
wu27
69/AbbgufRx7loCQ5G4WYQ==
uydiDFvHsFxlIrdq
NBlmCe8ii+DEa2ye5G4WYQ==
LicGnHCl/UZ2UMg=
e2lQ8e1lsXvAeX+U5G4WYQ==
2bF/M54rOGusdYqc5G4WYQ==
mQLidD9i82JIsrqysw==
ZdlDYrcsl/L9eH+U5G4WYQ==
80ucyjCJdqXkcNI=
/eg6aKbVvNkwOcxzZyAx3cCTN5E=
lflaF0MvE+fHXoWmrg==
qRfykIXbxMkND1kwe3I=
s6iSNSVOMwnpvFDxdFLlOfqBMw==
imkLObSlIdc=
oBUBm36yNaZ99JYxenA=
ngFE7+IP8Te6N75o
O6Htl8Oyjb0Msrqysw==
f4JgCEnC0LEC9w==
9+dNeq/hVxaAhxzT1pbgzZ2mb3Nf
980jQpYF3y1wMomLfWU=
S7CXLmSvnae6N75o
LBsMM7E1hfqVbco=
SEmi10GnjKIC6T/PG9vpot2mb3Nf
6N2zXagR4zO6N75o
Y0MbsfJvYcM0QFR/yF43rH/WOQ==
4FvE6St/5VeaknSQ5G4WYQ==
FfvsmYGmgr8mMUN2yF43rH/WOQ==
sZeFLWrFrbutSaQ7S92VaLlsEdqDAw==
GAtfhcHou9EYD1kwe3I=
K5TzEFu9HopZDGwZK5fekyc=
yhtuD9/zPeh7cNJ1
oBFUB0rNZ9UJtoKh5G4WYQ==
htsvVpfFs/hvRmJrdiz3aQ==
zkURs/JLt1O2s3+Q5G4WYQ==
YtItQ4f8Z8uWQVkwe3I=
TKgCIWWoGbgHsrqysw==
IY19JVOJgLkbJzhgayaKol308Bm3Hg==
EI3wCpvRR9Yg0e0RXTvsJdqoIZ6NfxeeCw==
dcaSQpkcgvqVbco=
i3LR8zl6Q4ES1Li7uw==
zU2iXqctzPaGh2+K08GQzt13MQ==
+vNEAOcjj/qVbco=
n4PyGmPPxsmoGkJ5gyJ4
42JPceRLN2LLp/J9fBwczl9uB5ohvsI=
hQDekPl/6Eob4PLRVmo=
tCZ5ldT9DNUX/Q==
zLGkPk9ZW5hNJgT+VMBIfWsw
8eEl1y6bl8w4HwYQYlOgnwOCqYM110TkHA==
y63rGlN+VWFNIAS/UTZw
TCdmmNUE3f1fPFkwe3I=
zjF2JXfZpoNK+dsaJtaSBcCTN5E=
DOA6audAeWU5
E+5C9MobExoL3MzxRz6+zt13MQ==
uK35B1bZy62abf1z7dVKfA==
avJCc7T0V9MKsrqysw==
ugpaFO0zNWfJpn1rt38fYw==
1MGtUYv0v/dkdYCn5G4WYQ==
KZT2GIMGUw9EBHgva09Hf2Ux
GhNjEWToYe7ddkhnsYtIv3Lz8Bm3Hg==
zi1OxCCLk1bvzK7OEZud3sJ9Jg==
WU0txI+4FsP7kfGNm0tHf2Ux
hmdH59P8VKbSjdc=
x7oPsXu0jYXBsfiIyMIyWwuUuR4tEQ==
EG3AXyZo4XFZsrqysw==
cailiotweet.store
Targets
-
-
Target
Invoice.exe
-
Size
993KB
-
MD5
6f4d64fcfbc82b91eb1f5e9fcffd15d3
-
SHA1
1ebe973942db3da29de1dc292b8a0c8601f1e7a0
-
SHA256
b747df969c4c80638e92b68759a8ced53c3d14bf705ad0fece792a566c9f3de9
-
SHA512
073b24ff9c67c8005419678674f2aa79b72a38566a5496023def857379a7a2b8e4468d3f2803da81900eb3c8d80809e6d9a20fea2ef9c7a94f726f27cabc038c
-
SSDEEP
24576:LIfkZ8IvMSd+WmvcGi+Dgr1hJsOSt3RpLJjpF:LNhvgOGNDO7Hyp
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-