General
Target: 2d710e99a83080c4ec8e6b4c34d8330ff4459ed211b142a0bb427a92942f22d0
Size: 452KB
Sample: 220614-x48q9sdee5
MD5: 3433fb4e419c5d31ba3c6ef1777e2d85
SHA1: 996ef3a328b90bb6ec3f33c792f6591f7bbdb3b6
SHA256: 2d710e99a83080c4ec8e6b4c34d8330ff4459ed211b142a0bb427a92942f22d0
SHA512: 06008f704d18eae1cf4f289c2776d0ec27dd56a30fcf2033660d348af50acbf7d670a024f34e385f88c29b8434caad8a6b092cbeaab1ae6f3e46d5486aef0184
Static task: static1
Behavioral task: behavioral1
Sample: 2d710e99a83080c4ec8e6b4c34d8330ff4459ed211b142a0bb427a92942f22d0.exe
Resource: win7-20220414-en
Malware Config
Targets
Checks computer location settings: Looks up the country code configured in the registry, likely for geofencing.
Drops startup file
Loads dropped DLL
Obfuscated with Agile.Net obfuscator: Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Legitimate hosting services abused for malware hosting/C2
Suspicious use of SetThreadContext