General
-
Target
a6292e209366413314dd2acbbf10e75e11b6885f983843d442a0e0b5550ea6e6
-
Size
7.5MB
-
Sample
240510-bkrgzsdd26
-
MD5
28987206ca2a073ef849b33c5cac99ac
-
SHA1
4d5f611a3c348083c10e667d1f6da6944e0b8ebc
-
SHA256
a6292e209366413314dd2acbbf10e75e11b6885f983843d442a0e0b5550ea6e6
-
SHA512
eead925200a214da5ea9376871647cdc1e40dbf55c6dc7072a45f0dd69f2cb88c90b27b80798c409bf7577650078c6728b36b9a5cc892a21836a10809c558e0e
-
SSDEEP
196608:OqeQ4Uv0SgzIbfyUmvVAkCTC7ipRdQYuUhKAzqeyAUX:5R4/SxfGGkKnpRdQYsAzq2UX
Malware Config
Targets
-
-
Target
a6292e209366413314dd2acbbf10e75e11b6885f983843d442a0e0b5550ea6e6
-
Size
7.5MB
-
MD5
28987206ca2a073ef849b33c5cac99ac
-
SHA1
4d5f611a3c348083c10e667d1f6da6944e0b8ebc
-
SHA256
a6292e209366413314dd2acbbf10e75e11b6885f983843d442a0e0b5550ea6e6
-
SHA512
eead925200a214da5ea9376871647cdc1e40dbf55c6dc7072a45f0dd69f2cb88c90b27b80798c409bf7577650078c6728b36b9a5cc892a21836a10809c558e0e
-
SSDEEP
196608:OqeQ4Uv0SgzIbfyUmvVAkCTC7ipRdQYuUhKAzqeyAUX:5R4/SxfGGkKnpRdQYsAzq2UX
Score9/10-
Detects executables packed with Dotfuscator
-
Detects executables packed with Goliath
-
Detects executables packed with SmartAssembly
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-