General
Target: Order.gz.exe
Size: 360KB
Sample: 230606-q5plfsdh96
MD5: 856dbd09409da8b58b98d75bb8b6c7c0
SHA1: 04ac238a5349afe2f3f0a2dffad9cf615130b674
SHA256: 8873e65ad529e832113ee75d5bc8e3a18d150ed475c09e0c6f5ce1458f0bf9a3
SHA512: bfe9543baef25017dd61339c75c9c38d05bd903256cc592a5b964055bb62fd932422714461557c8fc8a2ea280d56627dd52e0cd9a990a3ad787dff27fbf195bc
SSDEEP: 6144:1piSQi4W9Bmmdk2DT0uYdIHIBIbmSmSBJB6fmpXAhtagxMI2b+ORpNqE3KqT:1fHX/mKaSvoGX4tagutDo8T
Static task: static1
Behavioral task: behavioral1
  Sample: Order.gz.js
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: Order.gz.js
  Resource: win10v2004-20230220-en
Malware Config
Targets
Target: Order.gz.exe
Size: 360KB
MD5: 856dbd09409da8b58b98d75bb8b6c7c0
SHA1: 04ac238a5349afe2f3f0a2dffad9cf615130b674
SHA256: 8873e65ad529e832113ee75d5bc8e3a18d150ed475c09e0c6f5ce1458f0bf9a3
SHA512: bfe9543baef25017dd61339c75c9c38d05bd903256cc592a5b964055bb62fd932422714461557c8fc8a2ea280d56627dd52e0cd9a990a3ad787dff27fbf195bc
SSDEEP: 6144:1piSQi4W9Bmmdk2DT0uYdIHIBIbmSmSBJB6fmpXAhtagxMI2b+ORpNqE3KqT:1fHX/mKaSvoGX4tagutDo8T
Score: 10/10
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.