General
Target: никита лох.zip
Size: 225KB
Sample: 230517-hcmx6ada3y
MD5: c0282b79b705a59017d05e5dfede20e1
SHA1: 6ec1b78bd98f39b439eda1f25411432beb28c8e2
SHA256: 2f34ee1bde6be982fb0d64b55226aaf9cbc57fb10db1f6b5e7747ffa0de53726
SHA512: 94bcc68f0976cb45f1bd21e833c55224e2c5cf791b50e271b753a33bf84ec593d59ff70aafdb46a90e23d73e92c071e07d534a23c2e703d676de089c6949c1b9
SSDEEP: 6144:GcoyH+4yOXpYq2O4O2gy9mbsTO6kBE/I357yyz:Bo0yOZY79ZTO6vIp7yc
Static task: static1
Behavioral task: behavioral1
  Sample: никита лох.zip
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: никита лох.zip
  Resource: win10v2004-20230221-en
Malware Config
Targets
Target: никита лох.zip
Score: 8/10
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Registers COM server for autorun
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2