General
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://github.com/JPBM135/fishfish-js/releases/download/Borgin/Updates.exe
Resource
win7-20220812-en
windows7-x64
6 signatures
150 seconds
Malware Config
Extracted
Family
systembc
C2
45.147.197.24:4001
80.89.234.122:4001
Targets
-
-
Target
https://github.com/JPBM135/fishfish-js/releases/download/Borgin/Updates.exe
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-