General

  • Target

    abad27b663c16a7458ce9bf4e21b9989

  • Size

    974KB

  • Sample

    240228-mnl78ahe6v

  • MD5

    abad27b663c16a7458ce9bf4e21b9989

  • SHA1

    e1a502dac844ae19c82a9aaea77a0a4537649255

  • SHA256

    bd535149d1a579080708482ee5e4789a83dc33f9e50d27c20624333de5299670

  • SHA512

    c3f5c41790994505e8d6089d554949fa4f2eca4ee61acb8fb4a82c7bc1fa88af404f3d0c11519560f0fc65ada058b3a37039781b62acc22f1979748d282ab0fe

  • SSDEEP

    6144:KRbPgxNUKolPCKZxeUkxChx4ZfAb7nC0WEG05iTeHZ:7xenPV/kxChx4S95d5

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated URLs (exe.dropper)

    https://cdn.discordapp.com/attachments/861164404162035735/877165641059139624/WindowsHost.exe

Extracted

  • Language

    ps1

  • Deobfuscated URLs (exe.dropper)

    https://cdn.discordapp.com/attachments/861164404162035735/877245844057899028/WindowsHelper.exe

Targets

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

MITRE ATT&CK Enterprise v15

Tasks