General
Target: echo.7z
Size: 17.3MB
Sample: 240521-takwkaba8w
MD5: e0499900323a2a13e715c79df240c8cc
SHA1: aab068f2af116efa533c46e42424f16f3eef90b6
SHA256: 4b246be91cb37f662827dbfb616b3a0cea66c9ee8db0eeff3808bf057b2b4738
SHA512: f3b2d599431082f4a0591888ba12ccbf9dd518da64004092ee8dbe8fbff75fadee119694b766dff8cfcebb722600b46b950134304ead0d05069ad588a82d0cfb
SSDEEP: 393216:URxIrNnI6f7uzW4RyQZecNoTyBNoQKwKhGM4/kOh3Kv:qI6qqzW4RyncN2wNRKoM4de
Malware Config
Targets
- ACProtect 1.3x - 1.4x DLL software: Detects file using ACProtect software.
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator: Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext