General
-
Target
96fac88bb0db406c095198adf3e941a54eb793c9e58c977fb6377f7663c6e085
-
Size
890KB
-
Sample
210508-jdh1111yca
-
MD5
51025f3d42b690286b2e29da8f93321b
-
SHA1
6799648b3980ef4bc8d9be2782dc3e25ac1140aa
-
SHA256
96fac88bb0db406c095198adf3e941a54eb793c9e58c977fb6377f7663c6e085
-
SHA512
71a431509863a3c213d84ffc655ce60cb4d5992da57a7683922c35406c09f81b394ac3b8860ca299acd75a3aeabcb4f42aa70d55ff3b9e814ae3edd069a01eae
Malware Config
Targets
-
-
Target
96fac88bb0db406c095198adf3e941a54eb793c9e58c977fb6377f7663c6e085
-
Size
890KB
-
MD5
51025f3d42b690286b2e29da8f93321b
-
SHA1
6799648b3980ef4bc8d9be2782dc3e25ac1140aa
-
SHA256
96fac88bb0db406c095198adf3e941a54eb793c9e58c977fb6377f7663c6e085
-
SHA512
71a431509863a3c213d84ffc655ce60cb4d5992da57a7683922c35406c09f81b394ac3b8860ca299acd75a3aeabcb4f42aa70d55ff3b9e814ae3edd069a01eae
Score8/10-
Executes dropped EXE
-
Suspicious Office macro
Office document equipped with macros.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Adds Run key to start application
-