General
-
Target
srr.doc
-
Size
12KB
-
Sample
230208-1dyp6aga91
-
MD5
77c476f9668b541aa928996c984e8708
-
SHA1
1a72dbdd46449c2b209ce4cb15f355ad2cec0d35
-
SHA256
2354d413698648237984061bb9d82b2a12152c6109d6aa2694183ebff45f5ffc
-
SHA512
793f535d07263462bd9f5400dab367fd6cf5bacff88eadfd5a3541f5c72e31410d21f55bff40fa711096a04ecc1d857ebede44b5318f0b2046b445ccaca5fae0
-
SSDEEP
384:Jxx5tRJcEfynlp8qI7jSGakLjGlTuRGGw0LOg+2:XNcEfQpGj3ayGduRGl0b
Static task
static1
Malware Config
Extracted
formbook
dcn0
ZVx68vDtAMBCwg==
oBMBvsNORkM/O/ox
Ff9pISWkm6eG4lByIspp
c2T42c6CIIF6B8xTxm9XzpVw
bvjhxRbnAC183w==
0lTttSNG4HUDNflyIspp
hPXFlstqiHA/O/ox
WLR+MeerxZ0cNn1ja+IQAYo=
IHRn4xXOVKi477zarG+ObSy7YJA=
Xhf3e+tdAC183w==
Xk0ZAezv2rWH
kngo+vBeSRN7AszNwam3Osmguuqc0MoC
a2Qp7a+E8fSw7LDjpnqEKjsRZA==
3zjy4E7+QM48wg==
YcCmqT3OUNAigVott2pBKiy7YJA=
4+SMeX1juat/5cZ1AZihcyy7YJA=
/+m7sro0OBTl3TMpCw==
i2ctEfe4//a64yklMsgS2J90
+loZ2QKGX0UWgpvErMs=
b9BNCnJWQJS8IfsR0uR3bCy7YJA=
9eiUYE0ynHE/O/ox
F2/75pOIYNg0hzOD99192J8=
Y1xOONdO105okfha33EZ2A==
qYZIIB+dfF0wp1nVWFz067hJ2/qoXEVeAA==
moQMzat7tfKyKPYs
aMZJI/NfUSSpPQUBJ8/11g==
QKMN15GjpHcpyA==
6+S1hTvphhFfoCdj6tw=
DPynhWcnZWho7a0p33EZ2A==
EXY//zDm7ej3Guwo
PSWxPYkk0SNioSdj6tw=
jv+tmhv1ySZloydj6tw=
P8GUV5BhNZflCCBBFg==
IQZ0PWog1lcVVkJYHg==
aOTCq/Cet6AdhSdj6tw=
OBzJrqYS+eac46nZo4aI84kWMEtH
kBzTkbI2LTo/O/ox
a8pwOrU/tyx93a/QrGBpXGQIfZI=
GWoC9K5Mx0GR34urFcDPyQ==
dGxKGM2FI4iAkTOD99192J8=
UqQv8Vkx7WzkCCBBFg==
NcBsPK+YmdZP0cyhY+Lrzw==
zcKbk5oK7NCgFOpa4tHv0g==
uIomFkUTzdWa
QkAF8NuWMZmnPjCFgJBa+Y1t
51w6Gw7c3NyY
IyDnsW89dXaMrAxotF8jGZc=
1s1RHCrCwI8PnVhMY+Lrzw==
zBnRazUUWCsrM5t0SEth
1z4R/XM98Wn3j1RMY+Lrzw==
h3b34yQL3cI8wg==
/+27PhUTzdWa
CO0jnOIoAC183w==
Cn8jz+pyZEfWCCBBFg==
jI4f4NnKFwoSUb4YbnkzePzLv+Sc0MoC
xZnrS1Y+5Sxv1g==
phjYsTTGW8zAMydj6tw=
v7JcJyW3x64phzOD99192J8=
tBJ+Uh3sJxYqbyvrfF6BKjsRZA==
xRTxyfuTgMhGxg==
6ceNTfir2qmQHtxWwqIrI8GQ7h/Te/A2CA==
00gVx7d5/U5soCdj6tw=
Jgvgt58H8MFLfBzTp1VZXCe2ZYg=
1NKRY1QTzdWa
ahmedo.ch
Targets
-
-
Target
srr.doc
-
Size
12KB
-
MD5
77c476f9668b541aa928996c984e8708
-
SHA1
1a72dbdd46449c2b209ce4cb15f355ad2cec0d35
-
SHA256
2354d413698648237984061bb9d82b2a12152c6109d6aa2694183ebff45f5ffc
-
SHA512
793f535d07263462bd9f5400dab367fd6cf5bacff88eadfd5a3541f5c72e31410d21f55bff40fa711096a04ecc1d857ebede44b5318f0b2046b445ccaca5fae0
-
SSDEEP
384:Jxx5tRJcEfynlp8qI7jSGakLjGlTuRGGw0LOg+2:XNcEfQpGj3ayGduRGl0b
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-