General
-
Target
d223100bff707f45e8e2d609e64cb84c936ad09b097357dfc0d68cccfe97ed3e
-
Size
289KB
-
Sample
240604-lbz3wabh6z
-
MD5
ac7f96ac94ca748354e7db225aa1a5b2
-
SHA1
98be163399271b71337afbc716b6a313ea1941e6
-
SHA256
d223100bff707f45e8e2d609e64cb84c936ad09b097357dfc0d68cccfe97ed3e
-
SHA512
862f9d5bc0d4ba27cfa7d75b4974e4eb37d30f53de883419c3e1e7c62fb525a2964e8431b5b5c91e1d2654db5446bba60320d196b148b35480eec2ed2cc26692
-
SSDEEP
6144:Xm/uolvrxUXllOuQcTN5eZ2cH5d/ozSxCP27kbn8buCW+ZFU/Chpav1GUTs8quIr:W2svrwmuQ2yp5keCPtb8b1HZSCSDs8q/
Static task
static1
Behavioral task
behavioral1
Sample
d223100bff707f45e8e2d609e64cb84c936ad09b097357dfc0d68cccfe97ed3e.vbs
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
d223100bff707f45e8e2d609e64cb84c936ad09b097357dfc0d68cccfe97ed3e.vbs
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
d223100bff707f45e8e2d609e64cb84c936ad09b097357dfc0d68cccfe97ed3e
-
Size
289KB
-
MD5
ac7f96ac94ca748354e7db225aa1a5b2
-
SHA1
98be163399271b71337afbc716b6a313ea1941e6
-
SHA256
d223100bff707f45e8e2d609e64cb84c936ad09b097357dfc0d68cccfe97ed3e
-
SHA512
862f9d5bc0d4ba27cfa7d75b4974e4eb37d30f53de883419c3e1e7c62fb525a2964e8431b5b5c91e1d2654db5446bba60320d196b148b35480eec2ed2cc26692
-
SSDEEP
6144:Xm/uolvrxUXllOuQcTN5eZ2cH5d/ozSxCP27kbn8buCW+ZFU/Chpav1GUTs8quIr:W2svrwmuQ2yp5keCPtb8b1HZSCSDs8q/
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-