Overview

overview

9

Static

static

3

a6292e2093...e6.exe

windows7-x64

9

a6292e2093...e6.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a6292e209366413314dd2acbbf10e75e11b6885f983843d442a0e0b5550ea6e6

  • Size

    7.5MB

  • Sample

    240510-bkrgzsdd26

  • MD5

    28987206ca2a073ef849b33c5cac99ac

  • SHA1

    4d5f611a3c348083c10e667d1f6da6944e0b8ebc

  • SHA256

    a6292e209366413314dd2acbbf10e75e11b6885f983843d442a0e0b5550ea6e6

  • SHA512

    eead925200a214da5ea9376871647cdc1e40dbf55c6dc7072a45f0dd69f2cb88c90b27b80798c409bf7577650078c6728b36b9a5cc892a21836a10809c558e0e

  • SSDEEP

    196608:OqeQ4Uv0SgzIbfyUmvVAkCTC7ipRdQYuUhKAzqeyAUX:5R4/SxfGGkKnpRdQYsAzq2UX

Score
9/10
agilenet

Malware Config

Targets

    • Target

      a6292e209366413314dd2acbbf10e75e11b6885f983843d442a0e0b5550ea6e6

    • Size

      7.5MB

    • MD5

      28987206ca2a073ef849b33c5cac99ac

    • SHA1

      4d5f611a3c348083c10e667d1f6da6944e0b8ebc

    • SHA256

      a6292e209366413314dd2acbbf10e75e11b6885f983843d442a0e0b5550ea6e6

    • SHA512

      eead925200a214da5ea9376871647cdc1e40dbf55c6dc7072a45f0dd69f2cb88c90b27b80798c409bf7577650078c6728b36b9a5cc892a21836a10809c558e0e

    • SSDEEP

      196608:OqeQ4Uv0SgzIbfyUmvVAkCTC7ipRdQYuUhKAzqeyAUX:5R4/SxfGGkKnpRdQYsAzq2UX

    Score
    9/10
    agilenet

    • Detects executables packed with Dotfuscator

    • Detects executables packed with Goliath

    • Detects executables packed with SmartAssembly

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

      agilenet

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks