General
Target: 3c094942e47ddfc79c9ffa196ad2537dbce8b97841fb01e1d62fbc803e3317de
Size: 774KB
Sample: 220703-krnjcacefp
MD5: da609eb2e4ff25c05db64c9a53a96c97
SHA1: 99997f99d2a0250fe1e185ab0c157b5311a2c6c6
SHA256: 3c094942e47ddfc79c9ffa196ad2537dbce8b97841fb01e1d62fbc803e3317de
SHA512: 3b6408cc4f42e7caa95c5667604496e57d9778c65619b8b49caf4bcfe2c6b011a57c2338964ec59d989bceb6f5e1de74f4c38cab20fd0812a9efbebef343d6e4
Static task: static1
Behavioral task: behavioral1
Sample: 3c094942e47ddfc79c9ffa196ad2537dbce8b97841fb01e1d62fbc803e3317de.exe
Resource: win7-20220414-en
Malware Config
Targets
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-