General
Target: EZLinkvertiseBypasser(3).exe
Size: 7.7MB
Sample: 250125-zg7xkazjaw
MD5: aea1cb4112e6c9ee9048a4fa1dd3ad3e
SHA1: 24200398223ea927c29c821dacb5688f3c108e47
SHA256: 4c7575f1dd1fffb58930a6ba3bf1be00db939220483aa671a5441d3421c7469f
SHA512: b858868ef8203c251a40f7b0bc2cf97b72b7289e55e74b4502e17344d4786e6c0ce621617c70a18c978d561c3552c6687b1f7c9b7b048b88854f1846124fd849
SSDEEP: 196608:tYJQMUxL9AwB8XsAa3uJ2tSpFlXQne8ZXeBD1C9V2:tCEAwB8X63uJ2wnlXQjedE9
Static task: static1
Behavioral task: behavioral1
Sample: EZLinkvertiseBypasser(3).exe
Resource: win7-20241010-en
Behavioral task: behavioral2
Sample: EZLinkvertiseBypasser(3).exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.