General
Target: 4c0d5b830080aa8b72546a6d7f924aca.bin
Size: 155KB
Sample: 240420-ble6cace26
MD5: 9c71519e55250c94e60ba2cb81bbb804
SHA1: e505888316634c331c11b720fbbaea66dd57a9e3
SHA256: 146df2a253cdb3aa1bcbcfbea834449df1f15c6f6091c0b3e5249128bdf663bb
SHA512: bec89e2592f1b4e0f41ff4608a9575c927f27f6dd1f26d818d62314f4621a9a6c827a56309b5c5e9a09be379b903fb9265f092467d1af30b93f207dcf3d67a7b
SSDEEP: 3072:adew3bgNVuQmxbONUcC4TuG55uClNOIpE+izdE1V1B3uXU6wY7es1KN6:K36VnmRO574qNOIpZqdE8wyKU
Static task: static1
Behavioral task: behavioral1
Sample: 56b71885512e781975e310bc62af1a41bd731895d661f5cc49eff2a640806cd0.vbs
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 56b71885512e781975e310bc62af1a41bd731895d661f5cc49eff2a640806cd0.vbs
Resource: win10v2004-20240412-en
Malware Config
Targets
Target: 56b71885512e781975e310bc62af1a41bd731895d661f5cc49eff2a640806cd0.vbs
Size: 363KB
MD5: 4c0d5b830080aa8b72546a6d7f924aca
SHA1: d061aa6f577e894eb58fd4bc64b366e2e7919630
SHA256: 56b71885512e781975e310bc62af1a41bd731895d661f5cc49eff2a640806cd0
SHA512: c87b174d0e027f6f85be7669e16b1430531f7880d507ebd1cec55f159fb71bf3ede586001c8a32424886e74dc3477b09d1108c133f75441575cf2d6c896d7d7d
SSDEEP: 6144:1qJLaVfs2VTA05zBWJKJqDv9WlmDg6bMiaNb3rczF9V4I5Btg/zRoFTC4vSUUkPE:4uInOi5cI5E0k
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext