General
-
Target
do2c
-
Size
895B
-
Sample
230327-k2sk2sef7z
-
MD5
66893f8f7574f8523790b3dfeace743a
-
SHA1
de2b6dcac3eb31b4418815cc441bbafe70919c01
-
SHA256
37ac03678bf8ae8ca4ee11ba64023e9d762d93f15619ecf54fe0ae752d193ed8
-
SHA512
3abdf26ef6700fce101266ccdf3f81024b7f15c88f283ce9499565178e2432e52a60862d7eed0c0c37603a9cf5bdf3099aba0e17c2530c7909d558953cf447db
Static task
static1
Behavioral task
behavioral1
Sample
do2c.hta
Resource
win7-20230220-en
Malware Config
Extracted
xworm
212.87.204.124:5555
BtADXFpcTwggF8mG
-
install_file
USB.exe
Targets
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Suspicious use of SetThreadContext
-