General
-
Target
ae3da52225038e4f4ad470079fa2c2c08a3481456e1734e3953e539bdedc1ea3
-
Size
2.0MB
-
Sample
240505-nyh4zsha9t
-
MD5
0ffb5f463f6c63d11a48d2b4ef3be8dd
-
SHA1
997a45a3707dd6ac76765664503576d3f6a37cb3
-
SHA256
ae3da52225038e4f4ad470079fa2c2c08a3481456e1734e3953e539bdedc1ea3
-
SHA512
3505ed0ac12a63cf054ee1a0863204cba196c5c7026b9cdfae55ca1371092f9b809a491ca01de81d0605b302bc96e23e4a64064368002fc80138218c638fc468
-
SSDEEP
49152:ZWFxPJFPcZYQKes8mugsPngHr79/Hx8vkXhWF+DDxaUKY:ZoxPyw8mRPmvRF4DQ4
Static task
static1
Behavioral task
behavioral1
Sample
ae3da52225038e4f4ad470079fa2c2c08a3481456e1734e3953e539bdedc1ea3.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral2
Sample
ae3da52225038e4f4ad470079fa2c2c08a3481456e1734e3953e539bdedc1ea3.exe
Resource
win11-20240419-en
Malware Config
Targets
Target
ae3da52225038e4f4ad470079fa2c2c08a3481456e1734e3953e539bdedc1ea3
Score
7/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-