General
- Target: Protected.exe
- Size: 4.0MB
- Sample: 240923-wv78pswdql
- MD5: 776eed86bb7308e19b019099245bc58c
- SHA1: bb18259395d43b9b07fe63726805157b7dfda286
- SHA256: c94750f87bb70c03a496307e6a67aedc4d7c12a827c01dd10166a3d0ba4d8fc7
- SHA512: fede548d59c02351f771b17803878a724e16a9a6c93be80b9c072cb44c71562d69ff3c2a7ecc2f699be94f9ced69abdee9d8c42c75affb2aa4448e688bf12038
- SSDEEP: 98304:dUM3Ff8wfGvV31YY7KHC009WlCkoJWK3GpaElH:dUM3FTfsV3Z7AjEWYkoYKWph
Static task: static1
Behavioral task: behavioral1
- Sample: Protected.exe
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: Protected.exe
- Resource: win10v2004-20240802-en
Malware Config
Targets
- Target: Protected.exe (size and hashes as listed under General)
- Downloads MZ/PE file
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Obfuscated with Agile.Net obfuscator: detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Hide Artifacts: Hidden Files and Directories
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
Defense Evasion
- Hide Artifacts (2)
  - Hidden Files and Directories (2)
- Modify Registry (2)
- Subvert Trust Controls (1)
  - Install Root Certificate (1)