General
-
Target
c80949a2de5a8518242d97f829f907cc3a0a276a4d577f0838a3974b68c56d06
-
Size
9.4MB
-
Sample
211219-bb42qafga2
-
MD5
724d7178dacd7697dd75751a49bbb897
-
SHA1
df10e6f4a81466944fd5e3951b22e7dce72b9a50
-
SHA256
c80949a2de5a8518242d97f829f907cc3a0a276a4d577f0838a3974b68c56d06
-
SHA512
bbb8cb49bf139fa2a6ef689c065727e4465e01cf92105726d051eb12f4ef8b7397c2616ffbbefeea4dc6ea6fb6f603a4587e90eba834f9715e8e46874a716f20
Static task
static1
Malware Config
Targets
-
-
Target
c80949a2de5a8518242d97f829f907cc3a0a276a4d577f0838a3974b68c56d06
-
Size
9.4MB
-
MD5
724d7178dacd7697dd75751a49bbb897
-
SHA1
df10e6f4a81466944fd5e3951b22e7dce72b9a50
-
SHA256
c80949a2de5a8518242d97f829f907cc3a0a276a4d577f0838a3974b68c56d06
-
SHA512
bbb8cb49bf139fa2a6ef689c065727e4465e01cf92105726d051eb12f4ef8b7397c2616ffbbefeea4dc6ea6fb6f603a4587e90eba834f9715e8e46874a716f20
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-