General
-
Target
Downloads.7z
-
Size
41.1MB
-
Sample
240521-vmncwsce9x
-
MD5
2607cb1364027c39dd94703a90f31bfd
-
SHA1
fbb9dd6766e66b7c7d4390c72b3ffc5d634eb954
-
SHA256
b7a5e34996fc0ea9913935ab0435d34675f0bf24de154614cb815ffa8c44c00b
-
SHA512
8488d77e8f1d99204d1150ed3c6db8148534bbf0f890b853d8775fdd6ec3c78bcd73410694c0cf598d1c01861d9ec986dea4474457d4274d62152ef383dfba2e
-
SSDEEP
786432:APo+katRsnFtkQQC6QmpmjwqXlht00/Sr/Q6qS7cr9d5oekEwNRKoM4m:AP1kIRCk6672wqvR/uUYcr+evwap
Malware Config
Targets
-
-
Target
Downloads.7z
-
Size
41.1MB
-
MD5
2607cb1364027c39dd94703a90f31bfd
-
SHA1
fbb9dd6766e66b7c7d4390c72b3ffc5d634eb954
-
SHA256
b7a5e34996fc0ea9913935ab0435d34675f0bf24de154614cb815ffa8c44c00b
-
SHA512
8488d77e8f1d99204d1150ed3c6db8148534bbf0f890b853d8775fdd6ec3c78bcd73410694c0cf598d1c01861d9ec986dea4474457d4274d62152ef383dfba2e
-
SSDEEP
786432:APo+katRsnFtkQQC6QmpmjwqXlht00/Sr/Q6qS7cr9d5oekEwNRKoM4m:AP1kIRCk6672wqvR/uUYcr+evwap
Score8/10-
Drops file in Drivers directory
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-