General
-
Target
sample
-
Size
14KB
-
Sample
230403-p53yeaeg88
-
MD5
bce944765f9123cb6875b1eb83934bf7
-
SHA1
c946066023ec1ad3875a0f009c92f2cc57991483
-
SHA256
19586c27c2c9b1a64e52934fb84363fdbd747dc29d2359562de64909e709988c
-
SHA512
5d42ba9a5f992061dee6223d1ad1f17caf906c2067d304a3b3d3e2b7b78f0e201bc35843883e2d7aae250992da965d11a5ceeab921b54d71e704a8cdfc682693
-
SSDEEP
384:r7FLVmE+rzeVoOsKgElKeGMtUGHhhbsOvSX28rtGr:rJYECCVoOsKrI1MtBhbTgrg
Static task
static1
Behavioral task
behavioral1
Sample
sample.js
Resource
win10v2004-20230220-en
Malware Config
Targets
-
Target
sample
Score 10/10
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-