General
-
Target
OInstall.exe
-
Size
11.6MB
-
Sample
230421-zg53zahg93
-
MD5
405c0627a9dc679297862d62c712b05a
-
SHA1
66b33f9e5e9b517be3ae85d9a423129f272dc25a
-
SHA256
698aeb2888d4ed207eefb231937dfe3e9bbf8ceb0db6a961fe9010a2fddb8eb9
-
SHA512
bca6a39378cddd35e4ebe59c03d4ddb04826d1475d686e3e85350a18f6efc602d93548116f77e38cf3a998459d371e2241edc044836b585d87998b61c98fdf46
-
SSDEEP
196608:w3mifxMAExNyGUV9KhMqzFdhA1wREOVp5LpL2OcmmQ1L/sJ7GcI37lWhbX/PE56w:w3ffyH4V9KhMqzFdhyZOVp+OKe/+GR7R
Behavioral task
behavioral1
Sample
OInstall.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
OInstall.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
http://officecdn.microsoft.com/pr/1d2d2ea6-1680-4c56-ac58-a441c8c24ff9/Office/Data/v32.cab
Extracted
http://officecdn.microsoft.com/pr/1d2d2ea6-1680-4c56-ac58-a441c8c24ff9/Office/Data/16.0.10398.20000/i640.cab
Targets
-
-
Target
OInstall.exe
-
Blocklisted process makes network request
-
Stops running service(s)
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-