General
-
Target
paid.rar
-
Size
39.7MB
-
Sample
230923-se64xsad92
-
MD5
fd4baa70182dddb82b1100843ef18201
-
SHA1
0d30eaf8862b8a3dba04b35888632492afdb3fd9
-
SHA256
f42d9facc32d015a92ae957c60109b82011456c24bb879d9ee1e646f0f2675b9
-
SHA512
1851aa6342f4eefdbd18d9ac08787fbdc99d87d1aaadfd18718264ea6bbc9375b89bd3243e08a12df4d44dc95fdc40c67f0c226ff3a9e615e5f26a6b701f3288
-
SSDEEP
786432:2Tr7fQKPYWxmcwSD6grWJhZ15YMZgUn4rQy5sxQjV9SrTJ:2/7fQKQbSDfWhfQZ5s+BgrF
Behavioral task
behavioral1
Sample
paid.rar
Resource
win10v2004-20230915-en
Malware Config
Targets
Target
paid.rar
Score
7/10
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-