General
-
Target
13685be33cc36747f500c5b392ae8f221e8264e45e1c7ff52865bdcbd4ec9cc7
-
Size
1.3MB
-
Sample
221127-gwjt6sec35
-
MD5
01151ab7fc3222021cbab67f27622e8a
-
SHA1
caf0c1ef61f2846fb527dcca0f58543c25bb7496
-
SHA256
13685be33cc36747f500c5b392ae8f221e8264e45e1c7ff52865bdcbd4ec9cc7
-
SHA512
4db207d0a06f7bfff31113e990082d33605c1afcc7f93128eb4b59293c3cb477c2293751fe8dcbbffb936142ccb1d783ceb154df69973ae5c6bac9210b21c7f8
-
SSDEEP
24576:cxTAxn1eTrQj9JPc9H+XD6krOlfKtBX8y3xyh2h8Qr7Rdwm:cxO889J8MD6krOlfKtBXLz8Qr7Ram
Behavioral task
behavioral1
Sample
13685be33cc36747f500c5b392ae8f221e8264e45e1c7ff52865bdcbd4ec9cc7.exe
Resource
win7-20220901-en
Malware Config
Targets
-
-
Target
13685be33cc36747f500c5b392ae8f221e8264e45e1c7ff52865bdcbd4ec9cc7
-
Size
1.3MB
-
MD5
01151ab7fc3222021cbab67f27622e8a
-
SHA1
caf0c1ef61f2846fb527dcca0f58543c25bb7496
-
SHA256
13685be33cc36747f500c5b392ae8f221e8264e45e1c7ff52865bdcbd4ec9cc7
-
SHA512
4db207d0a06f7bfff31113e990082d33605c1afcc7f93128eb4b59293c3cb477c2293751fe8dcbbffb936142ccb1d783ceb154df69973ae5c6bac9210b21c7f8
-
SSDEEP
24576:cxTAxn1eTrQj9JPc9H+XD6krOlfKtBX8y3xyh2h8Qr7Rdwm:cxO889J8MD6krOlfKtBXLz8Qr7Ram
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Uses the VBS compiler for execution
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-