General
Target: Booking_0026_062pdf.exe
Size: 41KB
Sample: 230502-nmp36aag99
MD5: ac798236993af26702d4307c4f999bff
SHA1: ac0be0ef8ec71dd0d6f93b7936ab6e08b99e6477
SHA256: 814feb1393d69a3a46e80c35cabffc0c24ee035c94754e72179ca8627afc2e08
SHA512: 1688a03458732edd314d3b368ed5c1ad502c41760eac3f4f82ed5b9534e3dea01f635cdcc912771794cd36d82577bc6c197411c7e659b978540f51168307f654
SSDEEP: 384:s34L7mVUfN0Y6+v6X7LiIqr5LR5FxlQV1111yt6cj4ajdU:scKwFv27+15xxlQV1111O6cddU
Static task: static1
Behavioral task: behavioral1
Sample: Booking_0026_062pdf.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: Booking_0026_062pdf.exe
Resource: win10v2004-20230220-en
Malware Config
Targets
Target: Booking_0026_062pdf.exe
Score: 10/10
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext