General
Target: de4dot.7z
Size: 1.5MB
Sample: 240608-xqr7cseg8x
MD5: b9fcb0ca9df2e16c4d58ea2ec90f624a
SHA1: 1f71e1b3928a8dda0a9b40fa003a38bccd80b33f
SHA256: d0be29109f3ccf8129a7d7a1ad7d30ba085e2ca57945afc2aa56c706123aeaee
SHA512: 013425a8625bc4b90a9bf8d44e87d887db0f4f1d7255911955cd2561cfcf3b4473ce1cc81bf66b33348b91b7b82416bce77857b074c90df12b1f01dd6cd2f305
SSDEEP: 24576:ODiN38BqKBVH55ZmdT4oGziImlVAHGK3T7KcQt4vCtpkIKGjoec4rot7KZm2QZYB:OK38BqyZ6/tlNsTW4vCtpxljQCot70QG
Malware Config

Targets
Target: de4dot.7z
Size: 1.5MB
MD5: b9fcb0ca9df2e16c4d58ea2ec90f624a
SHA1: 1f71e1b3928a8dda0a9b40fa003a38bccd80b33f
SHA256: d0be29109f3ccf8129a7d7a1ad7d30ba085e2ca57945afc2aa56c706123aeaee
SHA512: 013425a8625bc4b90a9bf8d44e87d887db0f4f1d7255911955cd2561cfcf3b4473ce1cc81bf66b33348b91b7b82416bce77857b074c90df12b1f01dd6cd2f305
SSDEEP: 24576:ODiN38BqKBVH55ZmdT4oGziImlVAHGK3T7KcQt4vCtpkIKGjoec4rot7KZm2QZYB:OK38BqyZ6/tlNsTW4vCtpxljQCot70QG
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check. (Windows stores the configured location as the GeoID value under HKCU\Control Panel\International\Geo\Nation.)
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control-flow obfuscation.
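Of the signatures above, the Defender-exclusion behaviour is the one most worth hunting for on endpoints, and it can be tampered with either through the Add-MpPreference / Set-MpPreference cmdlets or by writing the exclusion registry keys directly. The following detection logic is an added example, not code from the sandbox report or from the sample; it runs over PowerShell script-block text such as the ScriptBlockText field of Event ID 4104, using constructed sample lines (not from this analysis). The rule names and the Finding type are the example's own.

```python
"""Hunt PowerShell script-block text for Windows Defender tampering.

Added example: the regexes, rule names and sample lines below are this
example's own, not output of the sandbox or content of the analysed sample.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    line_no: int   # index of the script block that fired the rule
    rule: str      # which rule fired
    details: tuple # what the rule extracted (parameter names, registry subkey, ...)


# Constructed sample script blocks standing in for 4104 ScriptBlockText records.
SAMPLE_SCRIPT_BLOCKS = [
    'Add-MpPreference -ExclusionPath "C:\\Users\\Public\\Libraries"',
    'Add-MpPreference -ExclusionExtension exe,dll -ExclusionProcess svchost.exe',
    'Set-MpPreference -DisableRealtimeMonitoring $true',
    'reg add "HKLM\\SOFTWARE\\Microsoft\\Windows Defender\\Exclusions\\Paths" /v C:\\Temp /t REG_DWORD /d 0',
    'Get-MpPreference | Select-Object ExclusionPath',   # read-only, must not fire
    'Get-ChildItem C:\\Temp',                            # benign
]

# Add-/Set-MpPreference with an -Exclusion* parameter on the same line.
# PowerShell accepts unambiguous parameter-name prefixes, so match "-Exclusion"
# plus whatever follows rather than the full parameter names only.
_EXCLUSION_CMDLET = re.compile(r"\b(?:Add|Set)-MpPreference\b", re.IGNORECASE)
_EXCLUSION_PARAM = re.compile(r"-(Exclusion\w*)", re.IGNORECASE)
# Set-MpPreference -Disable<Feature> $true, e.g. -DisableRealtimeMonitoring.
_DISABLE = re.compile(r"\bSet-MpPreference\b.*?-(Disable\w+)\s+\$?true\b", re.IGNORECASE)
# Direct writes to the exclusion keys via reg.exe or the registry provider cmdlets.
_REG_WRITE = re.compile(r"\b(?:reg(?:\.exe)?\s+add|New-ItemProperty|Set-ItemProperty)\b", re.IGNORECASE)
_REG_KEY = re.compile(r"Windows Defender\\Exclusions\\(Paths|Extensions|Processes)", re.IGNORECASE)


def scan(script_blocks):
    """Return one Finding per (script block, rule) that matches."""
    findings = []
    for i, text in enumerate(script_blocks):
        if _EXCLUSION_CMDLET.search(text):
            params = tuple(m.group(1) for m in _EXCLUSION_PARAM.finditer(text))
            if params:
                findings.append(Finding(i, "defender_exclusion_cmdlet", params))
        disabled = _DISABLE.search(text)
        if disabled:
            findings.append(Finding(i, "defender_feature_disabled", (disabled.group(1),)))
        if _REG_WRITE.search(text):
            key = _REG_KEY.search(text)
            if key:
                findings.append(Finding(i, "defender_exclusion_registry", (key.group(1),)))
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_SCRIPT_BLOCKS):
        print(f"block {f.line_no}: {f.rule} {f.details}")
```

Script-block logging only sees what PowerShell actually runs, so feed it the decoded text; an exclusion added with `-EncodedCommand` still appears in 4104 once executed. As a second, tool-independent source, the Microsoft-Windows-Windows Defender/Operational log records configuration changes as Event ID 5007, which catches exclusions added without PowerShell at all.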