General

  • Target

    paid.rar

  • Size

    39.7MB

  • Sample

    230923-se64xsad92

  • MD5

    fd4baa70182dddb82b1100843ef18201

  • SHA1

    0d30eaf8862b8a3dba04b35888632492afdb3fd9

  • SHA256

    f42d9facc32d015a92ae957c60109b82011456c24bb879d9ee1e646f0f2675b9

  • SHA512

    1851aa6342f4eefdbd18d9ac08787fbdc99d87d1aaadfd18718264ea6bbc9375b89bd3243e08a12df4d44dc95fdc40c67f0c226ff3a9e615e5f26a6b701f3288

  • SSDEEP

    786432:2Tr7fQKPYWxmcwSD6grWJhZ15YMZgUn4rQy5sxQjV9SrTJ:2/7fQKQbSDfWhfQZ5s+BgrF

Score
10/10

Targets

    • Target

      paid.rar

    Score
    7/10
    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
