General
-
Target
cc68c64d94ebdf8b1595358fafd3e08dfe0d7c8e545eb97dd7be4c8bdc82fc7b
-
Size
15.9MB
-
Sample
220521-agyapaacb6
-
MD5
1f6ffbf88537755b91d44ef7f2adec54
-
SHA1
e85536f40c73aa0293645bc0e61c4290af3a0b65
-
SHA256
cc68c64d94ebdf8b1595358fafd3e08dfe0d7c8e545eb97dd7be4c8bdc82fc7b
-
SHA512
bc0922aa3a79d6790c4c21b7c404d439233120772528ddcb96c390f276e91f9f162d6a490e02ee4bd963aa02ec15ed88e202e75155e02b1e41a593372fe8f161
Malware Config
Targets
-
-
Target
cc68c64d94ebdf8b1595358fafd3e08dfe0d7c8e545eb97dd7be4c8bdc82fc7b
-
Size
15.9MB
-
MD5
1f6ffbf88537755b91d44ef7f2adec54
-
SHA1
e85536f40c73aa0293645bc0e61c4290af3a0b65
-
SHA256
cc68c64d94ebdf8b1595358fafd3e08dfe0d7c8e545eb97dd7be4c8bdc82fc7b
-
SHA512
bc0922aa3a79d6790c4c21b7c404d439233120772528ddcb96c390f276e91f9f162d6a490e02ee4bd963aa02ec15ed88e202e75155e02b1e41a593372fe8f161
Score8/10-
Stops running service(s)
-
VMProtect packed file
Detects executables packed with VMProtect commercial packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-