General
Target: 4e92b2862f02f6c48ec1ce2aa572608a
Size: 496KB
Sample: 210716-34jemva34e
MD5: 4e92b2862f02f6c48ec1ce2aa572608a
SHA1: cdff69a4f5b9096618fc6b5ed6718e40bd64836a
SHA256: 445d66bf5ba2df185287c3cb77ca459c45819d53d808a48981f3e8396f1c9658
SHA512: ae0adca760812c2ba86c36f286b1ac181512eeee5982a440c71687ebc54f9176cfabbf99ce83d34909307ba873c19df8c178f2ca90d1ccc0041b3517102a8426
Static task: static1
Behavioral task: behavioral1
Sample: 4e92b2862f02f6c48ec1ce2aa572608a.exe
Resource: win7v20210408
Malware Config
Targets
Target: 4e92b2862f02f6c48ec1ce2aa572608a
Downloads MZ/PE file

Loads dropped DLL

Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.

Suspicious use of SetThreadContext