General
-
Target
client.exe
-
Size
7.0MB
-
Sample
231021-zbghesaa51
-
MD5
5322d9b93041d2d9ae9d70fb01744fe3
-
SHA1
e0a5415a481fb43b197c10cca11578b474e949ef
-
SHA256
931f821c31a22a02a0e90e158dff41c8db204ddef3a9f0b24a6ef220d148ddb8
-
SHA512
e0edda27f02fde9fae2e401190922c59752671fe24ec98c454868074094921ab8a0c8684e4d768b56ab9c85f2615f90fabc10cca1d30f5fccd8b1171d4d4f118
-
SSDEEP
98304:k8C8OcFa3e6TywGPfi3roKN70zWbC+KlDn0VsADhpo6m1NKUZFBRyCKa9duT:Wru96uwSq/iCbLEDnaDhS6gL9O
Malware Config
Targets
-
Target
client.exe (same file as under General; hashes identical to those listed there)
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtSetInformationThreadHideFromDebugger
Calls NtSetInformationThread with the ThreadHideFromDebugger information class (0x11), which detaches the calling thread from any attached debugger so that breakpoints and single-step exceptions in that thread are no longer delivered to it; a common anti-analysis technique that has no legitimate use in ordinary client software.
-
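As an added triage example, not part of the sandbox report and not code from the sample, the Python block below checks a local file against the four hashes listed under General and scans it for strings consistent with the NtSetInformationThreadHideFromDebugger signature. The hash values are copied from this page; the local path `client.exe`, the two companion anti-debug API names, and the byte strings used as test input are assumptions constructed for the example. Fuzzy (SSDEEP) comparison is not covered here because it needs the external ssdeep library.

```python
"""Triage helper for the client.exe report: verify hashes and look for the
anti-debug indicator.  Added example, not the sandbox's or the sample's code."""
import hashlib
import sys
from typing import Dict, Iterable, List

# Hash values copied verbatim from the General section of the report.
REPORTED_HASHES: Dict[str, str] = {
    "md5": "5322d9b93041d2d9ae9d70fb01744fe3",
    "sha1": "e0a5415a481fb43b197c10cca11578b474e949ef",
    "sha256": "931f821c31a22a02a0e90e158dff41c8db204ddef3a9f0b24a6ef220d148ddb8",
    "sha512": "e0edda27f02fde9fae2e401190922c59752671fe24ec98c454868074094921ab"
              "8a0c8684e4d768b56ab9c85f2615f90fabc10cca1d30f5fccd8b1171d4d4f118",
}

# Strings whose presence would explain the anti-debug signature.
# NtSetInformationThread is the native call behind ThreadHideFromDebugger
# (information class 0x11); a .NET sample carries it as a P/Invoke name.
# The other two are assumed companion checks, not taken from the report.
INDICATOR_STRINGS: List[str] = [
    "NtSetInformationThread",
    "IsDebuggerPresent",            # assumption: common companion check
    "CheckRemoteDebuggerPresent",   # assumption: common companion check
]


def digest_all(data: bytes) -> Dict[str, str]:
    """Lower-case hex digests for every algorithm listed in REPORTED_HASHES."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORTED_HASHES}


def compare_hashes(actual: Dict[str, str], expected: Dict[str, str]) -> Dict[str, bool]:
    """Per-algorithm match table; hex case is ignored so copy-pasted IOCs compare cleanly."""
    return {name: actual.get(name, "").lower() == expected[name].lower() for name in expected}


def find_indicators(data: bytes, indicators: Iterable[str] = INDICATOR_STRINGS) -> List[str]:
    """Return the indicator strings present either as ASCII (how P/Invoke names sit in
    the .NET metadata #Strings heap) or as UTF-16LE (how managed string literals are
    stored), so a renamed-but-not-encrypted reference is still caught."""
    hits: List[str] = []
    for s in indicators:
        if s.encode("ascii") in data or s.encode("utf-16-le") in data:
            hits.append(s)
    return hits


def triage(data: bytes) -> Dict[str, object]:
    """Run both checks over an in-memory file image and summarise the result."""
    matches = compare_hashes(digest_all(data), REPORTED_HASHES)
    return {
        "is_reported_sample": all(matches.values()),
        "hash_matches": matches,
        "indicators": find_indicators(data),
    }


if __name__ == "__main__":
    # Assumed usage: python triage.py client.exe  (path to a local copy of the sample)
    path = sys.argv[1] if len(sys.argv) > 1 else "client.exe"
    with open(path, "rb") as fh:
        result = triage(fh.read())
    for algo, ok in result["hash_matches"].items():
        print(f"{algo:7s} {'MATCH' if ok else 'differs'}")
    print("reported sample:", result["is_reported_sample"])
    print("indicators:", ", ".join(result["indicators"]) or "none")
```

A file that matches all four digests is the reported sample; a partial match (for example MD5 only) should be treated as a collision or a transcription error rather than a hit, which is why the summary requires every algorithm to agree. The indicator scan is only a pointer for where to look in a disassembler: an obfuscator such as Agile.Net can encrypt strings, so an empty result does not rule the technique out.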