8d21042385a10254ba03eb555388e9a0386accbe188ecba2bf7c1af347c78af9

General

Target

sample
Size

7KB
Sample

241120-phktbawfjb
MD5

3ee2f1577c3e15bbe9b6bc3946df3104
SHA1

fa09c0e4e3398a060e96af34a9a1b572db2002dc
SHA256

8d21042385a10254ba03eb555388e9a0386accbe188ecba2bf7c1af347c78af9
SHA512

7e5610fdde34c185b788fe81151ed5b7877457bffbf2d5b4a1e239367f876830f7bf8dff9b9aa78cbd5c22cbedb0d1020c62276b24fc5e7c447dbdbcf4bc7fe4
SSDEEP

192:PN2x2BHoSCcS4JjchImsRrzweCbhgr87WMwayilN:AxcoSCcS4JIImsy7iMwMlN

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://updates.spectrasonics.net/autoCheckForUpdates.php?StylusRMX version=&Patches_StylusRMX Library=0.0&Omnisphere version=2.8.5c&Patches_Omnisphere Library=0.0&Trilian version=&Patches_Trilian Library=0.0&Keyscape version=&Patches_Keyscape Library=0.0&Gold version=&Patches_Gold Library=0.0&FX-Omnisphere version=&Patches_FX-Omnisphere Library=0.0

Targets

- Target
  
  sample
- Size
  
  7KB
- MD5
  
  3ee2f1577c3e15bbe9b6bc3946df3104
- SHA1
  
  fa09c0e4e3398a060e96af34a9a1b572db2002dc
- SHA256
  
  8d21042385a10254ba03eb555388e9a0386accbe188ecba2bf7c1af347c78af9
- SHA512
  
  7e5610fdde34c185b788fe81151ed5b7877457bffbf2d5b4a1e239367f876830f7bf8dff9b9aa78cbd5c22cbedb0d1020c62276b24fc5e7c447dbdbcf4bc7fe4
- SSDEEP
  
  192:PN2x2BHoSCcS4JjchImsRrzweCbhgr87WMwayilN:AxcoSCcS4JIImsy7iMwMlN
Score

10^/10

discovery execution phishing
- Blocklisted process makes network request
- A potential corporate email address has been identified in the URL: [email protected]
  phishing
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
behavioral1