General
Target: ORDER SPEC_pdf.7z
Size: 1.6MB
Sample: 230412-qwslraea9w
MD5: d621bda5e947afba2044436537957ad7
SHA1: 0bc5b5c0922c25f980fd7e73499ba25a420928db
SHA256: b5fc942469373419339e6475a5a6c0dec2767af15ac83304d06fa879b4aa14d1
SHA512: 6ee7d56aba082448a65043eb1f6458621600933354e75e1452243c946dbe9db95ff69dfe5e5c0e1f7322b9b9eef69fead5eaa05ee343b76a935d1f9685ac79e8
SSDEEP: 49152:VJHl7nI77wFVvOT4nlDzojUDX9qQjaAoiYi0ixFl:fU7wjjDMjONjQiYi0ip
Static task: static1
Behavioral task: behavioral1
Sample: ORDER SPEC.scr
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: ORDER SPEC.scr
Resource: win10v2004-20230221-en
Malware Config
Targets
Target: ORDER SPEC.scr
Size: 2.7MB
MD5: 6d5c38d39f2e653c9954f44bc113b9fb
SHA1: fa3aa47590e4aaac3c656b4fe114c6f56b76ba20
SHA256: dccdd805ab3a1f31780ce46912cce1356dc12084e46e31aa6208052ddcd95054
SHA512: c60c31be41343b410d66e78be6b59f9c818b216e380023453ff45571f90de68acbb27c76f3f164965b860f70ddbd12e890f2a82f429f19edc24a5e2d8ce32176
SSDEEP: 49152:20SnnC+BsY/8q7+gbf+qjw98xyDNGTQmSPcFP9+o:20
Score: 7/10
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Accesses Microsoft Outlook profiles
Adds Run key to start application
Suspicious use of SetThreadContext