General
Target: b220568343b62f6a4bb4abc001ddfd4a00b66c9debe0542c55f6f2a91cd832bf
Size: 262KB
Sample: 230131-qec5qsge27
MD5: 512fcd3048ecc3311759e82e00c9888d
SHA1: be45965664140ed3a03236605f4b8c9ed7bfcc47
SHA256: b220568343b62f6a4bb4abc001ddfd4a00b66c9debe0542c55f6f2a91cd832bf
SHA512: 1faac492c0a7fa1744c5a70b506d0b1d1e950c03b00e5a152bbe4a6ccb2237f6bb8ef6035839e1d976e1f228da2f0f1c1c4dec3d4f82bbc35659fe60e0625034
SSDEEP: 6144:/Ya6Wa8RQeZcz5jHeU1NNWGYugdRUPmzDq9I+H:/YoaKcz5HeeNcGFgdRUGm95H
Static task: static1
Malware Config
Extracted
formbook
u8ow
majorcaplanetary.com
Targets
- Xloader payload
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
- Suspicious use of SetThreadContext