General
Target: 1108da2e0cb957a6848e5cf398c00ea523cfdd6c41a9d95e4855265e7c88df8e
Size: 402KB
Sample: 220604-l85pmabba8
MD5: ea915c7c1419e641810ac82e2896094c
SHA1: 193c415f7cc86da583daa74057592568e2b9fa71
SHA256: 1108da2e0cb957a6848e5cf398c00ea523cfdd6c41a9d95e4855265e7c88df8e
SHA512: b45df5909bceec83b4d0d52605138fce64c4645c013b1e24a8481d72be6041c2a95bc70aee0efeb152e44a599fc9a55f5c3a2a11f6cf8c710e1c25a45584e26c
Static task: static1
Behavioral task: behavioral1
Sample: 1108da2e0cb957a6848e5cf398c00ea523cfdd6c41a9d95e4855265e7c88df8e.exe
Resource: win7-20220414-en
Malware Config
Targets
Drops startup file

Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

Legitimate hosting services abused for malware hosting/C2

Suspicious use of SetThreadContext