General
-
Target
chrome google Soft.exe
-
Size
8.1MB
-
Sample
230408-v9md4sgc8z
-
MD5
602dd59073ca0509edb53e16bebf365a
-
SHA1
082ec8af3e339788b30e118f275e78651fc91755
-
SHA256
9e2cf6dd158549b2eda86cdce0d5571b2d56796f7869f78881a8ae4872d2fae5
-
SHA512
d867af4120a3fdfcd0e15fea729b361a438a5d3db98d1620c9294aab1bcce09c2090b21ba2ac266014b9fc7bc5e063eba7baefe7d7999b01a8056495d3f849b4
-
SSDEEP
196608:W9EHUdWdI9Qb80y23OTUneFhO10gRe1ZXW5+djqkppLmLR:oWdI5YOo+hO10H9W5+FJpY
Static task
static1
Behavioral task
behavioral1
Sample
chrome google Soft.exe
Resource
win10v2004-20230220-en
Malware Config
Targets
-
-
Target
chrome google Soft.exe
-
Size
8.1MB
-
MD5
602dd59073ca0509edb53e16bebf365a
-
SHA1
082ec8af3e339788b30e118f275e78651fc91755
-
SHA256
9e2cf6dd158549b2eda86cdce0d5571b2d56796f7869f78881a8ae4872d2fae5
-
SHA512
d867af4120a3fdfcd0e15fea729b361a438a5d3db98d1620c9294aab1bcce09c2090b21ba2ac266014b9fc7bc5e063eba7baefe7d7999b01a8056495d3f849b4
-
SSDEEP
196608:W9EHUdWdI9Qb80y23OTUneFhO10gRe1ZXW5+djqkppLmLR:oWdI5YOo+hO10H9W5+FJpY
Score10/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Registers COM server for autorun
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-