General
- Target: bfb3ba943d5333f18237ad7ae04a9601bbf677f0fcdebd45d788d86703ab8f70
- Size: 532KB
- Sample: 230129-j765ysgg9v
- MD5: 4aa2148b49e9956201b00ab8c5914e09
- SHA1: 3f430ee7d1742b76ea6676b8d1480bf0456635f3
- SHA256: bfb3ba943d5333f18237ad7ae04a9601bbf677f0fcdebd45d788d86703ab8f70
- SHA512: 97da894d91f8216eb742cee8b46c2f4ab62d676ab6aff7d6bab22f6104e6b8cb5b6ce350f774ad688a5c951c103effc2f71a78998aebd3fca01037224d38ac0f
- SSDEEP: 12288:vHbypKkBLIvL6omZrRgRlKnninnnnfNobnnnnuLeqLt:vbyowLIvL65ZriR4ninnfNknuLeqLt
Static task
- static1
Behavioral task
- behavioral1
- Sample: bfb3ba943d5333f18237ad7ae04a9601bbf677f0fcdebd45d788d86703ab8f70.exe
- Resource: win7-20220901-en
Malware Config
Extracted
- Protocol: smtp
- Host: smtp.gmail.com
- Port: 587
- Username: k4ivitu@gmail.com
- Password: Vajalik312
Targets
- Executes dropped EXE
- Checks computer location settings (looks up country code configured in the registry, likely geofence)
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext