General
- Target: LibreOffice_7.4.3_Win_x64 (1).iso
- Size: 300.4MB
- Sample: 230118-zjtgyseb8z
- MD5: 98656e56fa28e95aec0feeb127ef3530
- SHA1: 4382a4084ba8dbf15c2f01dbda3eb4e236fafb3d
- SHA256: b109edfd6e96760ba5a639b688491c58b75acc014ec8a89eae1e16fd39a678c8
- SHA512: e90cc7c5c910379e88bbd44573be64fc6080c3de1b38b0deb1fb5744494c9e639f5ff18823edc7bd5b33a320586a916e70ef108f5af0b092856bb34071fb2e6b
- SSDEEP: 12288:IbCG7F1wjOLak1PCgqaapo2RvxC1WyOPwQOhGwYyY9ZGyooo3RZNzBjSww43vmOC:wUww4fmOa6IglK
Static task: static1

Behavioral task: behavioral1
- Sample: LibreOffice_7.4.3_Win_x64.exe
- Resource: win7-20220812-en

Behavioral task: behavioral2
- Sample: LibreOffice_7.4.3_Win_x64.exe
- Resource: win10v2004-20220812-en
Malware Config
- Extracted: aurora
- 79.137.133.225:8081
Targets
- Target: LibreOffice_7.4.3_Win_x64.exe
- Size: 300.4MB
- MD5: 571c7f42a9b065b6c28a55a3d163b9f9
- SHA1: 77c4aa129876c355130db2bc8aef8f281129a2b3
- SHA256: acd07467116a82cff3167e352362c2f670879a18bdcfc9a74f4b0520f5019023
- SHA512: 3b087bfda86e0471ffc6e979798880da7b4e7f3eafdc255e55f3c69dc9befd8bef88d5a50948bd3186bad58e1b46882f391ddf97d35a225e0fc97218946454d5
- SSDEEP: 12288:WbCG7F1wjOLak1PCgqaapo2RvxC1WyOPwQOhGwYyY9ZGyooo3RZNzBjSww43vmOC:mUww4fmOa6IglK
Score: 10/10
- Executes dropped EXE
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext