General
-
Target
OInstall.exe
-
Size
10.9MB
-
Sample
230327-3srlhahg7t
-
MD5
ebc58647462ad9c76395ef451064d115
-
SHA1
14e470812f13b278b2694a4cec5737a39784e9dd
-
SHA256
414155bf11893ec64ba0f4ffb7de92885090845a0761cf8f6743462aa5991d5e
-
SHA512
8a9ef093d151957ae3c4c8e572fcdbd2198398c95ff8186d532853856c12c8f9ae7408c4f24518c5903faa517ea4e1d5779e797c5a4d850073fbee3ab801e8cc
-
SSDEEP
196608:2ZnMGjZsDEsCaYsGEHy61bgUhufRswPU2/V8Gd83/PALDP0PiaQxhwf+9zYul28S:WnjZhsCOU6ZgfPPPuGdnv0fzfoDYtB
Behavioral task
behavioral1
Sample
OInstall.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
OInstall.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
http://officecdn.microsoft.com/pr/1d2d2ea6-1680-4c56-ac58-a441c8c24ff9/Office/Data/v32.cab
Extracted
http://officecdn.microsoft.com/pr/1d2d2ea6-1680-4c56-ac58-a441c8c24ff9/Office/Data/16.0.10397.20003/i640.cab
Targets
-
-
Target
OInstall.exe
-
Size
10.9MB
-
MD5
ebc58647462ad9c76395ef451064d115
-
SHA1
14e470812f13b278b2694a4cec5737a39784e9dd
-
SHA256
414155bf11893ec64ba0f4ffb7de92885090845a0761cf8f6743462aa5991d5e
-
SHA512
8a9ef093d151957ae3c4c8e572fcdbd2198398c95ff8186d532853856c12c8f9ae7408c4f24518c5903faa517ea4e1d5779e797c5a4d850073fbee3ab801e8cc
-
SSDEEP
196608:2ZnMGjZsDEsCaYsGEHy61bgUhufRswPU2/V8Gd83/PALDP0PiaQxhwf+9zYul28S:WnjZhsCOU6ZgfPPPuGdnv0fzfoDYtB
Score10/10-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-