General
-
Target
64334d48caa57fadc26cfbc49270464d3f5e1d94c154c1d8e93233eac255d5a9
-
Size
135KB
-
Sample
221128-wdej3add72
-
MD5
1e207e4e463139dd8b330970de52d635
-
SHA1
143b257325a178f1962b2166bb31227abcb9cc30
-
SHA256
64334d48caa57fadc26cfbc49270464d3f5e1d94c154c1d8e93233eac255d5a9
-
SHA512
b1026c111fcc4663c3c8cc36a53237728b8a08b45dcaebe5b0f5c2c0cba3086c8f980833b4a4adda78732a1d7e6aa07c6721610c8b229ff4294d422c3d85aaa2
-
SSDEEP
3072:tbJV6Vf61gH2L9PuW+d1ZM23XxfkIrlB3PYysK8JEpsTTX:B68eHipuD3XVkwlB3sKfpYT
Behavioral task
behavioral1
Sample
64334d48caa57fadc26cfbc49270464d3f5e1d94c154c1d8e93233eac255d5a9.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
64334d48caa57fadc26cfbc49270464d3f5e1d94c154c1d8e93233eac255d5a9.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
-
Target
64334d48caa57fadc26cfbc49270464d3f5e1d94c154c1d8e93233eac255d5a9
-
Size
135KB
-
MD5
1e207e4e463139dd8b330970de52d635
-
SHA1
143b257325a178f1962b2166bb31227abcb9cc30
-
SHA256
64334d48caa57fadc26cfbc49270464d3f5e1d94c154c1d8e93233eac255d5a9
-
SHA512
b1026c111fcc4663c3c8cc36a53237728b8a08b45dcaebe5b0f5c2c0cba3086c8f980833b4a4adda78732a1d7e6aa07c6721610c8b229ff4294d422c3d85aaa2
-
SSDEEP
3072:tbJV6Vf61gH2L9PuW+d1ZM23XxfkIrlB3PYysK8JEpsTTX:B68eHipuD3XVkwlB3sKfpYT
Score10/10-
Modifies WinLogon for persistence
-
Modifies visiblity of hidden/system files in Explorer
-
Executes dropped EXE
-
Sets file execution options in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Drops file in System32 directory
-