General
Target: abad27b663c16a7458ce9bf4e21b9989
Size: 974KB
Sample: 240228-mnl78ahe6v
MD5: abad27b663c16a7458ce9bf4e21b9989
SHA1: e1a502dac844ae19c82a9aaea77a0a4537649255
SHA256: bd535149d1a579080708482ee5e4789a83dc33f9e50d27c20624333de5299670
SHA512: c3f5c41790994505e8d6089d554949fa4f2eca4ee61acb8fb4a82c7bc1fa88af404f3d0c11519560f0fc65ada058b3a37039781b62acc22f1979748d282ab0fe
SSDEEP: 6144:KRbPgxNUKolPCKZxeUkxChx4ZfAb7nC0WEG05iTeHZ:7xenPV/kxChx4S95d5
Behavioral task: behavioral1
Sample: abad27b663c16a7458ce9bf4e21b9989.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: abad27b663c16a7458ce9bf4e21b9989.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted
https://cdn.discordapp.com/attachments/861164404162035735/877165641059139624/WindowsHost.exe
Extracted
https://cdn.discordapp.com/attachments/861164404162035735/877245844057899028/WindowsHelper.exe
Targets
Target: abad27b663c16a7458ce9bf4e21b9989
Score: 10/10

Blocklisted process makes network request

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Loads dropped DLL

Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.