Resubmissions
16-09-2023 18:02  230916-wmkgnsce5z  10
Target: OSU-FourYear-Academic-Calendar-202122-through-202425.exe.zip
Size: 3.1MB
Sample: 230916-wmkgnsce5z
MD5: 0b019a3dd120586b87cefa78a47f8f14
SHA1: 4774cedab4a3b7e0da779d69f592f09307d6898c
SHA256: 8f1f4a3061f146249be95a90b0a8f28e856d6d92e226b871fc869afd56f0b92f
SHA512: 8efbdfc9ebf1d63390b081cd5b4de75a7de4a3d823ec9e1ea1960b07f6071a0154ea8af5132367df6a773eccad5c4e736fb455a7f7d1719da9bfe8e60261a462
SSDEEP: 24576:kLp2rYn3u4AWztvIX8mFAqyxgvMBpvpNe9eesXrsZc:kLp2rYnTztwhFAuMBpTy2sK
Static task: static1
Behavioral task: behavioral1
Sample: OSU-FourYear-Academic-Calendar-202122-through-202425.exe
Resource: win7-20230831-en
Malware Config
Extracted: jupyter
URL: http://91.206.178.109
Targets
Target: OSU-FourYear-Academic-Calendar-202122-through-202425.exe
Size: 300.1MB
MD5: 634a1f57cd61801b198418ba1ecc797c
SHA1: be4418022ce3af4f1ad1de7a43095e95b2e7bd12
SHA256: 13a1bead1187cbc6072c410501a417b812e82f1bbbf6a93deaab26ae5ea67628
SHA512: 1e57c4809d1524bb9931707e41eaf2dde1fb368f662d71ef24c53b60812fce3242d41fe8aedc2a801dbcccc6a79e6709232e10cd0a9dbec8ce1f27afd388481d
SSDEEP: 49152:mseenCOSg4aYzA9aPplVEQ1pgrtRx4444444444444444444444444444444444X:m4
Signatures
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Drops startup file
- Executes dropped EXE
- Suspicious use of SetThreadContext