General
- Target: agent.bin.zip
- Size: 10.4MB
- Sample: 201206-mzfyxx9lpa
- MD5: b6f505e39dc13f9bfc16fe24bebe31b0
- SHA1: eb6367520bedc9685f2aad7a710dfdf7f23a20e9
- SHA256: 32cca3647ab59e02bd9a7569a5dbd94e9af189cbbdb1c95f7f00a9e4719cff57
- SHA512: 87d748c34875742c2eed62f5c0568254beb031ff3c85c82579336601126607e21cf9910ad2f31b10a107f0dc99a712675b3d7494a6adffe747ce9670734319de
Static task
static1
Behavioral task
behavioral1
Sample
agent.bin.exe
Resource
win7v20201028
Malware Config
Targets
- Target: agent.bin
- Size: 10.9MB
- MD5: 921f0eb14ea4bb8ec85c307da29a66cd
- SHA1: 35b61e6d895627a10015dcd4c0d03c4423a02d0d
- SHA256: 3d0862aa6676aa428e26e0b1c813c090c410b759fa7e9cdf8b0eb9d313d3618c
- SHA512: 9125f936b12fc3c30be7a33a4d61bde1267f89bd8adee977664759bb410987c0055131187603e5007faaf80ffdd7cd79b46878471eb71fb73a13db81657660d7
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- JavaScript code in executable
- Drops file in System32 directory