General

  • Target

    f9e2717a7c8bd0c3ec8216294d4db74d91b8082d5f68dd223fc7c0bab3040a52

  • Size

    512KB

  • Sample

    221130-qrtm9aea43

  • MD5

    d036fabd76bf32570481a2224706ddef

  • SHA1

    f52ce02926904c648f4b4a5a4a5ad14db09c45e0

  • SHA256

    f9e2717a7c8bd0c3ec8216294d4db74d91b8082d5f68dd223fc7c0bab3040a52

  • SHA512

    752c2de69fc94e66e772fd48721d71ee56da6156e7460d3a415f702a07fc14c1645e5ef7885142b8207437ba9536cd533d0fec8d8f064bc70453bd457c9d5968

  • SSDEEP

    12288:SZHVhCLTfKQwDvD5H6Mrb+/0ULRctxIbuOUbXEJ6Ay:EH0KQoP3+/MSHqb

Score
8/10

Malware Config

Targets

    • Target

      f9e2717a7c8bd0c3ec8216294d4db74d91b8082d5f68dd223fc7c0bab3040a52

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check so the sample can decide whether to run in a given region.

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
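
The three behavioural signatures above can be reproduced from a sandbox event stream with a few simple rules. The following is an added example written for this page, not code from the sandbox vendor; the event records are constructed, and the registry path used for the location check is an assumption (the page does not name the key; on Windows, GetUserGeoID() resolves the user's country from HKCU\Control Panel\International\Geo\Nation). The mapping of the location check to T1012 and T1082 follows the Discovery entries listed below; the two dropped-file rules are deliberately left unmapped.

```python
"""Toy re-implementation of three sandbox signatures over a constructed event log."""
from __future__ import annotations

from collections import Counter
from dataclasses import dataclass, field

# Assumption: a read of this value is what "Checks computer location settings"
# is taken to mean here. Matching is done case-insensitively on the path suffix
# so that both HKCU\... and \REGISTRY\USER\<SID>\... spellings are caught.
GEO_NATION_SUFFIX = r"\control panel\international\geo\nation"

# ATT&CK v6 techniques the report lists under Discovery. Only the location
# lookup is mapped; the dropped-file rules carry no technique here.
SIGNATURE_TECHNIQUES = {
    "Checks computer location settings": ("T1012", "T1082"),
    "Executes dropped EXE": (),
    "Loads dropped DLL": (),
}


@dataclass
class Signature:
    name: str
    evidence: list[str] = field(default_factory=list)

    @property
    def techniques(self) -> tuple[str, ...]:
        return SIGNATURE_TECHNIQUES[self.name]


def _norm(path: str) -> str:
    """Lower-case and normalise separators so path comparisons are stable."""
    return path.lower().replace("/", "\\")


def analyze(events: list[dict]) -> tuple[dict[str, Signature], Counter]:
    """Walk the event stream once and return (signature hits, technique counts).

    A file counts as "dropped" only if an earlier event shows the sample
    writing it; running or loading a pre-existing system binary does not fire.
    """
    dropped: set[str] = set()
    hits: dict[str, Signature] = {}

    def hit(name: str, evidence: str) -> None:
        hits.setdefault(name, Signature(name)).evidence.append(evidence)

    for ev in events:
        op = ev["op"]
        if op == "file_write":
            dropped.add(_norm(ev["path"]))
        elif op == "reg_query":
            if _norm(ev["path"]).endswith(GEO_NATION_SUFFIX):
                hit("Checks computer location settings", ev["path"])
        elif op == "process_create":
            image = _norm(ev["image"])
            if image in dropped and image.endswith(".exe"):
                hit("Executes dropped EXE", ev["image"])
        elif op == "image_load":
            image = _norm(ev["image"])
            if image in dropped and image.endswith(".dll"):
                hit("Loads dropped DLL", ev["image"])

    counts = Counter(t for sig in hits.values() for t in sig.techniques)
    return hits, counts


# Constructed events for illustration; not taken from the analysed sample.
SAMPLE_EVENTS = [
    {"op": "reg_query", "path": r"HKCU\Control Panel\International\Geo\Nation"},
    {"op": "file_write", "path": r"C:\Users\user\AppData\Local\Temp\stage2.exe"},
    {"op": "file_write", "path": r"C:\Users\user\AppData\Local\Temp\helper.dll"},
    {"op": "process_create", "image": r"C:\Users\user\AppData\Local\Temp\stage2.exe"},
    {"op": "image_load", "image": r"C:\Users\user\AppData\Local\Temp\helper.dll"},
    # A system DLL the sample never wrote must not count as "dropped".
    {"op": "image_load", "image": r"C:\Windows\System32\kernel32.dll"},
    # Likewise a pre-existing binary that is merely executed.
    {"op": "process_create", "image": r"C:\Windows\System32\cmd.exe"},
]

if __name__ == "__main__":
    found, technique_counts = analyze(SAMPLE_EVENTS)
    for sig in found.values():
        print(f"{sig.name}: {', '.join(sig.techniques) or '-'} <- {sig.evidence}")
    print(dict(technique_counts))
```

The "dropped" test is the part worth keeping honest: without tracking the sample's own writes, every process start and DLL load in the log would look like a hit, which is why the two negative events are included.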

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

    • Query Registry (T1012): 1

    • System Information Discovery (T1082): 2

Tasks