General
Target: 2a91aea6878d4101207c5590e652a0ea2aed8739742b778ae7fc8e9e9d6700c3
Size: 389KB
Sample: 220521-xmhhracag3
MD5: 01960910f4cc1692918f0643ac14dc3b
SHA1: f87f85850f233d55b6ce411591d62efeeb4d2d74
SHA256: 2a91aea6878d4101207c5590e652a0ea2aed8739742b778ae7fc8e9e9d6700c3
SHA512: aad4bf6c0e4bc245d5c3e1c07d930d54b976e2caebbfa392eceb0768424564dc925d953f32b169c927501edaad53adf25537a75e8002d1bb00b445fe4caf7c07
Static task: static1

Behavioral task: behavioral1
  Sample: 2a91aea6878d4101207c5590e652a0ea2aed8739742b778ae7fc8e9e9d6700c3.exe
  Resource: win7-20220414-en

Behavioral task: behavioral2
  Sample: 2a91aea6878d4101207c5590e652a0ea2aed8739742b778ae7fc8e9e9d6700c3.exe
  Resource: win10v2004-20220414-en
Malware Config

Targets
Target: 2a91aea6878d4101207c5590e652a0ea2aed8739742b778ae7fc8e9e9d6700c3
Size: 389KB
MD5: 01960910f4cc1692918f0643ac14dc3b
SHA1: f87f85850f233d55b6ce411591d62efeeb4d2d74
SHA256: 2a91aea6878d4101207c5590e652a0ea2aed8739742b778ae7fc8e9e9d6700c3
SHA512: aad4bf6c0e4bc245d5c3e1c07d930d54b976e2caebbfa392eceb0768424564dc925d953f32b169c927501edaad53adf25537a75e8002d1bb00b445fe4caf7c07
Score: 10/10

Signatures
- Executes dropped EXE
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator: Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Adds Run key to start application
- Suspicious use of SetThreadContext