General
Target: Royal.Full.rar
Size: 2.4MB
Sample: 230501-r99ymaga29
MD5: c8d06ef9184701388bbf4407a304103f
SHA1: a12f32b92f9c26c0a0808796844d39ef59c1a0be
SHA256: 1978db25b0822465385c2248519395a1d262d69cc55cde9eee8f3cf7c6cc384f
SHA512: f15ca50d69a81ec3b529af42d19c73ebd9b2589eac1e2b52aa644fe7cbe1bb8a64dac7f16773e69a71819b84eca7e6956bbc5459a37848230988022f0274cfab
SSDEEP: 49152:OFH026eImiJNJR2J/TT6DTbjmFyEqDVnPD+okNyf183mJ8BN:40Bjms3RkToTbjaVqRnyd72JQN
Static task: static1
Behavioral task: behavioral1
  Sample: Royal.Full.rar
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: Royal.Full.rar
  Resource: win10v2004-20230221-en
Malware Config
Targets
Target: Royal.Full.rar
Score: 9/10
- Modifies boot configuration data using bcdedit
- Downloads MZ/PE file
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.