General
-
Target
9a450a05657ce80e73171556154adb60.bin
-
Size
453KB
-
Sample
230507-b8yafaah85
-
MD5
229d6dc23378a805c542796ad4459134
-
SHA1
1b2186412ceeb1832345e9ab90b62d251901d8dc
-
SHA256
3b7abe05516dd3ff792736bc8a14685ea14e6cb3711a1df4dfc415ed01b9b042
-
SHA512
ac4c6e2327d4f7beb572e73c9107c72bf6b204cd3d63e41fc1bff5197b4ed611a4a7d50631710168aa6837972b8fcc530be0817393da3c902adf2184eef71b4e
-
SSDEEP
12288:nWoLL6kgtgwew27nRNvCrRypwLwRSKH0EH2AQr5mRENaljH:bL6YrDja10wnUd2jVmYaRH
Behavioral task
behavioral1
Sample
16d6e1a9844554861f37ac46f86fd1ef618aa56282d83f768c47e1c191dd75ee.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
16d6e1a9844554861f37ac46f86fd1ef618aa56282d83f768c47e1c191dd75ee.exe
Resource
win10v2004-20230220-en
Malware Config
Targets
-
-
Target
16d6e1a9844554861f37ac46f86fd1ef618aa56282d83f768c47e1c191dd75ee.exe
-
Size
744KB
-
MD5
9a450a05657ce80e73171556154adb60
-
SHA1
9db02ebf6b851397ab6d43d4c79d3785987a56b1
-
SHA256
16d6e1a9844554861f37ac46f86fd1ef618aa56282d83f768c47e1c191dd75ee
-
SHA512
c75444be53b8b55d6634ed8c632b78b523bff5b0ad1eb9171fce65778c6444a7728c11b4137bb397a75f0df635d80083aea380d9708b04a5bf97d0c40965f208
-
SSDEEP
12288:prBjpOUREzLw2f1WrG8HXXQGa3INlTVlRGvk4qOV7l:prBj0+EzLwW1T8HQ93IlTtO
Score8/10-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Suspicious use of SetThreadContext
-