General

Target: vozer_promo_pass_infected.zip
Size: 53KB
Sample: 240412-3rqyksbc4v
MD5: 5d8c03c354500fdeaea2d5969f360712
SHA1: d3a0ff8a84eda1939eb796e3d07b2a9ab7a5a0db
SHA256: 324c0102bae77f7829b0c441875565b1f31f2e57757958a261b9fcef7345749a
SHA512: ce58ea5b60ec87196d54ca81f5f3024771c65106b520751ff1ffb329681c033a48bac40adb09a3e572017ddf7bb722e9cdbef207a41ec44c532f44df7529942c
SSDEEP: 1536:s4ZN6iF9Ejlp4LrJHtQeCbLpdU6yWUfLeGafDNl:jL3EjlGL0ZPbwLePDNl
Behavioral task: behavioral1
Sample: Contract for collaboration.pdf.exe
Resource: win10v2004-20240412-en

Behavioral task: behavioral2
Sample: Promotion video from Spotify.mp4.scr
Resource: win10v2004-20240412-en
Malware Config

Targets

Target: Contract for collaboration.pdf.exe
Size: 750.0MB
MD5: b1f104a15b02a9f967111a0ac5f7f379
SHA1: 23043fbea3620c4b793ed3306ebedeeff06a35d7
SHA256: d95014339b85a2a95a540c97c802bea91c85241b3dd74aba7fb1f5d5e26651df
SHA512: 94a7541e9a82c70791064c97cc94c75ec27362615867157e20ba62ac1b9d712bddee06b633ef48c9fde54f1778b8b29ba034beec0d05f317d4cd0b47a534fc43
SSDEEP: 768:ly4GM66uNWJJG41zHClKhv5QO1IthaMolDGA3hwP:WRwJJt1OEhQO1IvY3hwP
Score: 7/10

- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

Target: Promotion video from Spotify.mp4.scr
Size: 274.0MB
MD5: e14930dfee63889484336400c2ab909c
SHA1: 29bbe527926d1347bb866112c3f350f8faf57669
SHA256: 16583f2195d27d6f02d583815c4323390e0c0c14e1b6ad7a05232253ee2a2bb0
SHA512: 1b45c8ce425485638713468c4702fc2a642e5e0d563814d3ae62d8bcd539661a960b9dba707cf0609eccb3dd028730713624993cf19eb0fef84cb2e891c4ba26
SSDEEP: 384:m2rP+4GNW6oBohNW6xt/ssMjLeTI6Kw418lfFdFZr1AFrVPCk:m2y4GM66uNWJJG41ettOT6k
Score: 7/10

- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.