General
Target: CB802441D480AD4F16C7D645B78A5A17CD1FFF6DF00DB60DA6195CCF56C2C7E8
Size: 1.7MB
Sample: 230518-cgtcvahd35
MD5: 54e0f0a4e8ea9fdc3441e384811867fe
SHA1: 19122a6bd8c6a09f35e4f49e800d084a0579be07
SHA256: cb802441d480ad4f16c7d645b78a5a17cd1fff6df00db60da6195ccf56c2c7e8
SHA512: c67622486326e6dccddbd043c876156ca5e956d719d0f3525fe8ad83c09fbed4288c234424fca2a7e7b83d64559710282c73eabd80ad4183209120a0fef7294d
SSDEEP: 49152:ANgs8OhDb73BxM8wQjueZ5u3F5akIWlfBC:SNb73BxwQJ5u18kIWtI
Static task: static1
Behavioral task: behavioral1
Sample: OutstandingPaidInv000000001.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: OutstandingPaidInv000000001.exe
Resource: win10v2004-20230221-en
Malware Config
Extracted
Family: stealerium
C2 (Discord webhook): https://discord.com/api/webhooks/1074654854473060394/i1-qt2Q8lvGZRppGXaUCnbmSJ1N2WAAuYKuVU1iO_tIR-DJ2O03iSk2F2GFppdapGsYe
Targets
Target: OutstandingPaidInv000000001.exe
Size: 1.7MB
MD5: b7938afd09e3e3f9c84f4f7c642a62cb
SHA1: 77a1e6a9070fb901859128654b149aec63fd2676
SHA256: 65062de43f1fab09029d2c9a5b7406c0015f7a5c5b458429500d40fb6d812d12
SHA512: 1ea3a0293ac0606f1f69438de414227f19007d177e773f2006a5665a51d1e726e3941f7514a738d54bd481c9fbc1c9d25c6510635005d67df85128b53dd7b933
SSDEEP: 24576:jY1sWffwGfAvp2xGBpfchc3WzWWUEe1IkROAhohWTT5ffeRYqo0AoMKWwlq06ot2:MJfZovp2wZceWz6+mTfHLOlFDthNad
Score: 10/10
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
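The two network behaviours in the list above (a Discord webhook used as the C2/exfiltration endpoint, and an external-IP lookup through a public web service) can be hunted for in web-proxy logs. The block below is an added example written for this page; it is neither Triage's signature code nor anything from the sample. The webhook ID is the one in the extracted config above, the proxy log lines are constructed, and the list of IP-echo hosts is an assumption, since the report does not say which service the sample queried.

```python
from __future__ import annotations

# Added example (editor-written, not Triage signature code): flag a Discord
# webhook used for C2/exfil and an external-IP lookup in proxy access logs,
# and escalate any client that shows both behaviours.
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit

# Webhook ID from the extracted config above. Matching on the ID alone is
# enough; the operator may rotate the token half of the URL.
KNOWN_WEBHOOK_IDS = {"1074654854473060394"}

# Assumption: common IP-echo services. The report does not name the service
# the sample used, so a hit here is only a weak signal on its own.
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "ipinfo.io", "ip-api.com",
    "icanhazip.com", "checkip.amazonaws.com",
}

WEBHOOK_PATH_RE = re.compile(r"^/api/webhooks/(\d+)/[A-Za-z0-9_-]+/?$")
SEVERITY_ORDER = ["low", "medium", "high", "critical"]

# Constructed proxy log, one request per line: client method url status.
SAMPLE_LOG = """\
10.0.0.5 GET https://www.microsoft.com/en-us/ 200
10.0.0.5 GET https://api.ipify.org/?format=json 200
10.0.0.5 POST https://discord.com/api/webhooks/1074654854473060394/i1-qt2Q8lvGZRppGXaUCnbmSJ1N2WAAuYKuVU1iO_tIR-DJ2O03iSk2F2GFppdapGsYe 204
10.0.0.7 GET https://discord.com/channels/@me 200
10.0.0.9 POST https://discord.com/api/webhooks/999999999999999999/constructed-token 204
"""


@dataclass
class Finding:
    client: str
    method: str
    kind: str      # "webhook" or "ip_lookup"
    severity: str
    url: str


def classify_request(client: str, method: str, url: str) -> Optional[Finding]:
    """Return a Finding for one request, or None if it is unremarkable."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host == "discord.com":
        m = WEBHOOK_PATH_RE.match(parts.path)
        if m:
            # Workstation traffic to a webhook URL is unusual by itself; an ID
            # already tied to a sample's config is a confirmed indicator.
            sev = "high" if m.group(1) in KNOWN_WEBHOOK_IDS else "medium"
            return Finding(client, method, "webhook", sev, url)
    if host in IP_LOOKUP_HOSTS:
        return Finding(client, method, "ip_lookup", "low", url)
    return None


def analyze(log_text: str) -> list[Finding]:
    """Run classify_request over every well-formed line of the log."""
    findings: list[Finding] = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines rather than abort the whole run
        client, method, url, _status = fields
        f = classify_request(client, method.upper(), url)
        if f is not None:
            findings.append(f)
    return findings


def score_clients(findings: list[Finding]) -> dict[str, str]:
    """Highest severity per client; a client showing both an IP lookup and a
    webhook hit is raised to critical, matching the sequence in this report."""
    kinds: dict[str, set[str]] = {}
    worst: dict[str, str] = {}
    for f in findings:
        kinds.setdefault(f.client, set()).add(f.kind)
        current = worst.get(f.client, "low")
        worst[f.client] = max(current, f.severity, key=SEVERITY_ORDER.index)
    for client, seen in kinds.items():
        if {"webhook", "ip_lookup"} <= seen:
            worst[client] = "critical"
    return worst


if __name__ == "__main__":
    hits = analyze(SAMPLE_LOG)
    for f in hits:
        print(f"{f.severity:8} {f.client:10} {f.kind:10} {f.method} {f.url}")
    print(score_clients(hits))
```

In practice the webhook ID set would be fed from malware-config extraction rather than hard-coded, and the IP-echo host list tuned to what is normal on the network; the correlation step is what turns two individually noisy signals into something worth paging on.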