General
-
Target
d1b17756d65c75bf98db4f2d661c5058be7325e49b871a82d9aaa7ad389a7846
-
Size
7.2MB
-
Sample
221217-cev4naga53
-
MD5
01e95aa261dbb08d3a05adc741fcb421
-
SHA1
96062e83f8ba734da4ce71f64edb718fcd0cd3c5
-
SHA256
d1b17756d65c75bf98db4f2d661c5058be7325e49b871a82d9aaa7ad389a7846
-
SHA512
18d31824e3db78bc4a4cc502b2d9a986b7cfecf5d5c62ca876a90eb535d2b3f74c8589fee88726709d4fe1c6be8122c56ec485a8587d225f708e621c12c0ad71
-
SSDEEP
196608:51zRjiwR1UYPfa3GdQshItRBGpqNS26UCg:rzRjiyUotQshIjs4b
Malware Config
Extracted
http://officecdn.microsoft.com/pr/5030841d-c919-4594-8d2d-84ae4f96e58e/Office/Data/v32.cab
Extracted
http://officecdn.microsoft.com/pr/5030841d-c919-4594-8d2d-84ae4f96e58e/Office/Data/v32.cab
Extracted
http://officecdn.microsoft.com/pr/5030841d-c919-4594-8d2d-84ae4f96e58e/Office/Data/v32.cab
Targets
-
-
Target
d1b17756d65c75bf98db4f2d661c5058be7325e49b871a82d9aaa7ad389a7846
-
Size
7.2MB
-
MD5
01e95aa261dbb08d3a05adc741fcb421
-
SHA1
96062e83f8ba734da4ce71f64edb718fcd0cd3c5
-
SHA256
d1b17756d65c75bf98db4f2d661c5058be7325e49b871a82d9aaa7ad389a7846
-
SHA512
18d31824e3db78bc4a4cc502b2d9a986b7cfecf5d5c62ca876a90eb535d2b3f74c8589fee88726709d4fe1c6be8122c56ec485a8587d225f708e621c12c0ad71
-
SSDEEP
196608:51zRjiwR1UYPfa3GdQshItRBGpqNS26UCg:rzRjiyUotQshIjs4b
Score10/10-
Blocklisted process makes network request
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-