General
-
Target
IMG_0135.jpeg
-
Size
25KB
-
Sample
250113-vtbmnssncj
-
MD5
5a7ba4c88dca5b5f90df79920d166be1
-
SHA1
a5a72199e36681754c7446e3bc1ad907acd7a4c4
-
SHA256
144cc427138c1e7cad556b31377bbab933a490b595091d239e4d9b3d414893f7
-
SHA512
c928826024e4e498aa7e362dab55a16c86d04453bf262586ec4c149ee8d86f5e4b7a717806b0387682d6dc5fde97a1bb0fc82e165d56af6f02009438055ab861
-
SSDEEP
768:Z8PI2KvWFIFoFYFgsLITWcDdz8sncaY6dy+TcVj0vjz:ZZymgYFgaZcDpdncaxA63
Static task
static1
Malware Config
Targets
-
Target
IMG_0135.jpeg (same file as under General; hashes listed there)
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Legitimate hosting services abused for malware hosting/C2
-
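The first three behaviour signatures above (an MZ/PE download, a dropped EXE executed, a dropped DLL loaded) all reduce to one triage check: the content is a PE image regardless of what the file name claims, and here the target itself is named IMG_0135.jpeg. The block below is an added example, not code from the sandbox or from this report, of that check. It parses the DOS and PE headers, reads the COFF characteristics to tell an EXE from a DLL, and reads the CLR data directory (entry 14) to tell a .NET assembly, the kind Agile.Net protects, from native code. The `build_test_pe` helper is an assumption for offline testing: it constructs minimal header-only images that are not loadable binaries, and nothing in it is derived from the sample's bytes.

```python
"""Flag an MZ/PE download regardless of its file name and classify it
as EXE/DLL, 32/64-bit and native/.NET from the headers alone."""
import struct

PE32, PE32_PLUS = 0x10B, 0x20B
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_DLL = 0x2000
CLR_DIRECTORY_INDEX = 14        # IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
EXEC_EXTENSIONS = ("exe", "dll", "sys", "scr", "ocx", "cpl")


def inspect_pe(data: bytes):
    """Return header facts for a PE image, or None if `data` is not one."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    # COFF file header: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, nsections, _, _, _, opt_size, chars = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    if opt_size < 2 or opt + opt_size > len(data):
        return None
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == PE32:                 # NumberOfRvaAndSizes / data directory offsets
        count_off, dirs_off = 92, 96
    elif magic == PE32_PLUS:
        count_off, dirs_off = 108, 112
    else:
        return None
    is_dotnet = False
    if opt_size >= count_off + 4:
        ndirs = struct.unpack_from("<I", data, opt + count_off)[0]
        entry = dirs_off + CLR_DIRECTORY_INDEX * 8
        if ndirs > CLR_DIRECTORY_INDEX and opt_size >= entry + 8:
            va, size = struct.unpack_from("<II", data, opt + entry)
            is_dotnet = va != 0 and size != 0     # non-empty CLR header => managed
    return {
        "machine": machine,
        "sections": nsections,
        "is_dll": bool(chars & IMAGE_FILE_DLL),
        "is_64bit": magic == PE32_PLUS,
        "is_dotnet": is_dotnet,
    }


def classify_download(name: str, data: bytes) -> str:
    """Human-readable verdict, flagging a PE hiding behind a non-executable extension."""
    info = inspect_pe(data)
    if info is None:
        return "not a PE image"
    kind = "DLL" if info["is_dll"] else "EXE"
    runtime = ".NET" if info["is_dotnet"] else "native"
    bits = "64-bit" if info["is_64bit"] else "32-bit"
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    verdict = f"{bits} {runtime} {kind}"
    if ext not in EXEC_EXTENSIONS:
        verdict += f" disguised as .{ext or '(none)'}"
    return verdict


def build_test_pe(is_dll=False, dotnet=False, pe32plus=False) -> bytes:
    """Constructed minimal PE headers (assumption for offline testing; not loadable)."""
    magic = PE32_PLUS if pe32plus else PE32
    count_off, dirs_off = (108, 112) if pe32plus else (92, 96)
    opt_size = dirs_off + 16 * 8                   # 16 data directories
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<I", opt, count_off, 16)
    if dotnet:
        struct.pack_into("<II", opt, dirs_off + CLR_DIRECTORY_INDEX * 8, 0x2008, 0x48)
    chars = IMAGE_FILE_EXECUTABLE_IMAGE | (IMAGE_FILE_DLL if is_dll else 0)
    machine = 0x8664 if pe32plus else 0x14C
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)   # e_lfanew at 0x3C -> 0x40
    coff = struct.pack("<HHIIIHH", machine, 3, 0, 0, 0, opt_size, chars)
    return dos + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    print(classify_download("IMG_0135.jpeg", build_test_pe(dotnet=True)))
    print(classify_download("photo.jpeg", b"\xff\xd8\xff\xe0" + b"\0" * 100))
```

This is a first-stage content check only: it says nothing about the geofence lookup or the Agile.Net protection, which need the body of the file (or a run) rather than its headers, and a PE with a corrupted optional header is rejected rather than guessed at.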
MITRE ATT&CK Enterprise v15 (count of matching signatures per technique)
Privilege Escalation
  Abuse Elevation Control Mechanism (T1548): 1
    Bypass User Account Control (T1548.002): 1
Defense Evasion
  Abuse Elevation Control Mechanism (T1548): 1
    Bypass User Account Control (T1548.002): 1
  Impair Defenses (T1562): 1
    Disable or Modify Tools (T1562.001): 1
  Modify Registry (T1112): 2