General
-
Target
Quo_mox niquo niquopen quilo bom lekavasi.exe
-
Size
187.6MB
-
Sample
230224-n5rppsda8s
-
MD5
2e1d87536ff37b0c99eed77d1238f091
-
SHA1
6b0bfd18069d0074c9b8e33584c81e8a7af4edd3
-
SHA256
7d63d4958a0b5973b9f5c788e694f4efd4e4ea5354eb4db8b14f9370678584ce
-
SHA512
d1666a79007063804b2cb2ae4d6ace6f2059478d11893a8902989a417a9fac9fd693fd13cf60d17baa5bea87c2871d5f6f5c591e1d8b3fe69dbff44ab9f98522
-
SSDEEP
24576:v5ar505yClYM/gCHWxXDPy0cphuST/3PW1ucqqwje973dxu0yLCiXt9jTWcq/:v5ariy4YMexJZw/Iucdp3IbXtFT
Static task
static1
Malware Config
Extracted
systembc
45.147.197.24:4001
80.89.234.122:4001
Targets
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-