General
-
Target
87901426.exe
-
Size
602KB
-
Sample
221209-rpexradd29
-
MD5
0597c2f492733078cc3231b33dfc284c
-
SHA1
c2911934ece108745f314ca7f9e763b7986001a2
-
SHA256
80a92f2ceb76a9e3f2a5405c1d2d26f838d54b5129d1ce97d60c4af88c07dc61
-
SHA512
9e99611d0840d297dde4c55ac4146b7728e80e40009e33a88d17dfe6895923047077d991c28fd6371b8372d30e28aa15a83629d85b6566c926c1115c1678b22c
-
SSDEEP
12288:aLsIqZDM2wnBZ9FxvMMwEYwc4K00PGgmFfdTM2CqvxWm+XZO:agIwY2mZBvT1K0ZgydTlxWm+XA
Static task
static1
Behavioral task
behavioral1
Sample
87901426.exe
Resource
win7-20220901-en
Malware Config
Extracted
formbook
yurm
X06d1tis1GUX/R0g87Ud
BKiZ33D1P766GVXO1ZwV
lAFdjB7CSxGX8Trz
Gc7dWizTVxWX8Trz
tDkr9JAfi1OHAW1PGOageIp4
bCpMtHKU3mVp8BY5sQ==
7WKpsMWt8nsrhJClJeOZNg==
0A9KTlETQ86Cmd8k0o5NP5RwCg==
aJ61paNJztSp42c=
CrgoA8ySIOsytCbO1ZwV
i46SnHYDD9tTIHI=
XFRCRCjtFZeU3x4Rn3xfD5BnPz+RDA==
c4CZghuHvzW9A31gEz0d
QAjzz9qyRRWBNYseAI4M
Jpbmu4A1YvBvN3ruZgiRmJA5BCFd
PfoFXGNFhhuX8Trz
bqCfk0m8ApAl+Tm1Ms5Tb23IT7tS
z7INff7HNALxc5HWq2/ftrVR6A7R1zvTUQ==
m7IShV4LSFxbqxhrVsZ1Ig==
BHRp7q0gtoRuqBRnVsZ1Ig==
SnqEhE/pEKitAVYv+MtfgDwL1EuxZyihRg==
1xpDKRHJ7K/tqQzEfaJvDIeRWI5DZyihRg==
tAQpBfGi8mppxC4LbDQNI945BCFd
nk5kz8aKDecavxHOYeugeIp4
wPYvLS3zK8FvdJFbQVY=
WAATk07VS0xU9Dvx
KdwXaxSYC9G8DG2tUOBR/X3wtEM=
EPQVcwx5eXw9i/E3B9tpP5RwCg==
MN0FmlPPDZiu5zVpA58wA0Q/5F4=
797QsL+c/saMxtZeQFQ=
TISijiWfydvQFQ==
ama7D8Ntnxsr9Gg=
PcnRSFMPjGFm8BY5sQ==
npSIXvRrsj25h91pUHZGbX3wtEM=
0CAJglT6dkKyhZFbQVY=
kL69pLud0pT4Am0=
sG1JDgXWXydt/VHO1ZwV
zxVdYWYhqoHvrt5W2G7a5PL71zEyHIIx
i0Zm9MhPh/vvI3ycVsZ1Ig==
kjRJqKB3nRgihH2kM0E=
/s4LgD5dmCtOBCkprA==
I278sNm5/o/FX2dZBAKYKg==
eP/5flDtVw2X8Trz
Ik9oUEj8hFO6eeK1gJg/xkILDkwPAw==
QIS5jUjlUhtr/VHO1ZwV
RcC5QQyGv0mFC2BnT3igeIp4
NL7LMCoKT93dJWVTHJgywToxAg==
yzhyPgzSYDGthZFbQVY=
PqmV5ObKBpvKUJZYcGg05HtiCA==
/W9bsq7IsDuC
T8LMKrI2jA8BQ4yQVsZ1Ig==
eHof90VMPMXQDQ==
8TSLglnyajdx/VDO1ZwV
ZQYihA2I+rn4g7eQVsZ1Ig==
JCmxphUQ06is5Gc=
H2C6sYYiZPAxoxNnVsZ1Ig==
5NxIrpR6DM2Jd5FbQVY=
vDCXqaJj6Pw2EXA=
CBI+Gdh67Pw2EXA=
zxoDhkPEDpTET7a6Os0tj1BpDBfmYgo=
neEtD8Y0YN7fMV7O1ZwV
W+BPJ/S6QhmScpFbQVY=
iAZaRHA3ZgUpsQvRiZ5XP5RwCg==
CQtXS8LIsDuC
absbox.org
Targets
-
-
Target
87901426.exe
-
Size
602KB
-
MD5
0597c2f492733078cc3231b33dfc284c
-
SHA1
c2911934ece108745f314ca7f9e763b7986001a2
-
SHA256
80a92f2ceb76a9e3f2a5405c1d2d26f838d54b5129d1ce97d60c4af88c07dc61
-
SHA512
9e99611d0840d297dde4c55ac4146b7728e80e40009e33a88d17dfe6895923047077d991c28fd6371b8372d30e28aa15a83629d85b6566c926c1115c1678b22c
-
SSDEEP
12288:aLsIqZDM2wnBZ9FxvMMwEYwc4K00PGgmFfdTM2CqvxWm+XZO:agIwY2mZBvT1K0ZgydTlxWm+XA
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-