General
Target: Malwarebytes Checker By PJ v1.1.rar
Size: 955KB
Sample: 230509-qbhwtaga25
MD5: 8bf2405ce79ecd6d4674973561dea1ee
SHA1: 8554911db848f7ba27e175766a510f45d5113d4e
SHA256: 301037e5a2b2da3f692ec0c269be54d88350740c42c4c059929457850f9edcc1
SHA512: 5a03c12183b6d3cebdd1abd1f10c903b7a6204074d45331d76c2c06d9f00fff21b7f7dc867cb75457b6080f4fed69a61b417cb596be24578fc8104f8693f67a5
SSDEEP: 24576:Mbqqp4Rg8o8C5eFyIMxtMoqGb0iKegm5G843:Qqqp04PgMcc09egSo
Behavioral task: behavioral1 | Sample: Malwarebytes Checker By PJ v1.1.rar | Resource: win10-20230220-en
Behavioral task: behavioral2 | Sample: Malwarebytes Checker By PJ v1.1.rar | Resource: win10v2004-20230220-en
Behavioral task: behavioral3 | Sample: Malwarebytes Checker By PJ v1.1.rar | Resource: ubuntu1804-amd64-20221111-en
Behavioral task: behavioral4 | Sample: Malwarebytes Checker By PJ v1.1/Guna.UI2.dll | Resource: win10-20230220-en
Behavioral task: behavioral5 | Sample: Malwarebytes Checker By PJ v1.1/Guna.UI2.dll | Resource: win10v2004-20230220-en
Behavioral task: behavioral6 | Sample: Malwarebytes Checker By PJ v1.1/Guna.UI2.dll | Resource: ubuntu1804-amd64-20221125-en
Behavioral task: behavioral7 | Sample: Malwarebytes Checker By PJ v1.1/Leaf.xNet.dll | Resource: win10-20230220-en
Behavioral task: behavioral8 | Sample: Malwarebytes Checker By PJ v1.1/Leaf.xNet.dll | Resource: win10v2004-20230220-en
Behavioral task: behavioral9 | Sample: Malwarebytes Checker By PJ v1.1/Leaf.xNet.dll | Resource: ubuntu1804-amd64-20221111-en
Behavioral task: behavioral10 | Sample: Malwarebytes Checker By PJ v1.1/Malwarebytes Checker By PJ v1.1.exe | Resource: win10-20230220-en
Behavioral task: behavioral11 | Sample: Malwarebytes Checker By PJ v1.1/Malwarebytes Checker By PJ v1.1.exe | Resource: win10v2004-20230220-en
Behavioral task: behavioral12 | Sample: Malwarebytes Checker By PJ v1.1/Malwarebytes Checker By PJ v1.1.exe | Resource: ubuntu1804-amd64-en-20211208
Behavioral task: behavioral13 | Sample: Malwarebytes Checker By PJ v1.1/Result/Free[11-24-11_54].txt | Resource: win10-20230220-en
Behavioral task: behavioral14 | Sample: Malwarebytes Checker By PJ v1.1/Result/Free[11-24-11_54].txt | Resource: win10v2004-20230221-en
Behavioral task: behavioral15 | Sample: Malwarebytes Checker By PJ v1.1/Result/Free[11-24-11_54].txt | Resource: ubuntu1804-amd64-20221111-en
Behavioral task: behavioral16 | Sample: Malwarebytes Checker By PJ v1.1/Screenshots/screenshots[psgy0sbf.ppd].png | Resource: win10-20230220-en
Behavioral task: behavioral17 | Sample: Malwarebytes Checker By PJ v1.1/Screenshots/screenshots[psgy0sbf.ppd].png | Resource: win10v2004-20230220-en
Behavioral task: behavioral18 | Sample: Malwarebytes Checker By PJ v1.1/Screenshots/screenshots[psgy0sbf.ppd].png | Resource: ubuntu1804-amd64-20221111-en
Malware Config
Targets
Target: Malwarebytes Checker By PJ v1.1.rar
Size: 955KB
MD5: 8bf2405ce79ecd6d4674973561dea1ee
SHA1: 8554911db848f7ba27e175766a510f45d5113d4e
SHA256: 301037e5a2b2da3f692ec0c269be54d88350740c42c4c059929457850f9edcc1
SHA512: 5a03c12183b6d3cebdd1abd1f10c903b7a6204074d45331d76c2c06d9f00fff21b7f7dc867cb75457b6080f4fed69a61b417cb596be24578fc8104f8693f67a5
SSDEEP: 24576:Mbqqp4Rg8o8C5eFyIMxtMoqGb0iKegm5G843:Qqqp04PgMcc09egSo
Score: 7/10
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator: Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2

Target: Malwarebytes Checker By PJ v1.1/Guna.UI2.dll
Size: 2.1MB
MD5: aca7f1ca2525160b85404e638732bd87
SHA1: 612b5fa896871ee2f8f5710ac4bc63701cb96e4f
SHA256: bf7fd5efcd54d00bfda76187cb3f04dd36bb38d9b36b505e1493cffb7a7f3d9e
SHA512: dbf6624da29167ac67ef8e2fbfa1a350f00f850a1c029fe427d54ddbc3299331633ee8e1c076cd54ff02fa219fbe9ab0397e89c1a32d502ccdd150df55e25ae3
SSDEEP: 49152:tvU6fD73waJnBA5lV8jldVmIgA5iKOvhn:tvU6vznglEldVmIJi/vt
Score: 1/10

Target: Malwarebytes Checker By PJ v1.1/Leaf.xNet.dll
Size: 129KB
MD5: ea87f37e78fb9af4bf805f6e958f68f4
SHA1: 89662fed195d7b9d65ab7ba8605a3cd953f2b06a
SHA256: de9aea105f31f3541cbc5c460b0160d0689a2872d80748ca1456e6e223f0a4aa
SHA512: c56bd03142258c6dcb712d1352d2548a055fbb726ee200949d847cb2d23d9c52442b1435be0df0bf355701a2c1a3c47cd05b96972501f457d2d401501d33d83a
SSDEEP: 3072:gE3OJDHIfFLlL3pPiqhcLS/oZhttaMBM2cid:gHWZxJiqO
Score: 1/10

Target: Malwarebytes Checker By PJ v1.1/Malwarebytes Checker By PJ v1.1.exe
Size: 528KB
MD5: 6060d7633c720d9aeb219f3a875b99fd
SHA1: 7bd3e8accf96f89632eddf4463b2d14397045283
SHA256: a590631ee4b10949e6d3cf12dbaf1dbe0a355ac9263dd65721f41698b2891eca
SHA512: 7ea3a71c9e3e4cd9b1b898ca64f591b6943d1f7dd9e96faffb6b4012e8b23940138bfc2d08f9a8251f1c0f77bf923cbcf7f2d8c2e3d4e7b369e034b73521441f
SSDEEP: 6144:Q7Osq+KrFr0RUx36nATyqoQXgu8xDl3F+UAFuGx1RXs8:Q4+EOD73Fn8p
Score: 7/10
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator: Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

Target: Malwarebytes Checker By PJ v1.1/Result/Free[11-24-11_54].txt
Size: 156B
MD5: 76a26dc9df838c43a1bc4e3eef7ff694
SHA1: f534bf8fbb9fa8d65823cb3cc9db4bc7f41d64f4
SHA256: dfde31e0228c2927b63d3ab189f0cd3b61cb4d423c8dd8710c94768e54d13660
SHA512: ec76a615f2cb7496be6b161471862a4e2a2d33ab57bef4bebf42b6fa6cdd1a1f470978e960802e591663443477df1e91f93a64d17cfe773987cb5fdcbb3c7e94
Score: 1/10

Target: Malwarebytes Checker By PJ v1.1/Screenshots/screenshots[psgy0sbf.ppd].png
Size: 33KB
MD5: b6de33ccb411b1a866b98116d4016373
SHA1: 37d5cab172c09d1603ec56ce48c4c2a2bfbaaad0
SHA256: 3e08447e857cbe82c861084aff327e016df5e13829afbde26b7a0a87a3612793
SHA512: f49d8e0f69d3870ff70778fcddb2dd56c66b279293223cdcc4ba1becbe8df5d33e146c0973646d157b30220fee70571484dae0f488a90583cb9c1640e7564571
SSDEEP: 768:Y4g4YAFfbUeGchhSSSSSSSSSSSSSSSSSSSSSSSSVudKUKK6uFc38shVD3Zjm4UdF:Y4g4vFfhGshSSSSSSSSSSSSSSSSSSSSY
Score: 3/10