General

  • Target

    EZLinkvertiseBypasser(3).exe

  • Size

    7.7MB

  • Sample

    250125-zg7xkazjaw

  • MD5

    aea1cb4112e6c9ee9048a4fa1dd3ad3e

  • SHA1

    24200398223ea927c29c821dacb5688f3c108e47

  • SHA256

    4c7575f1dd1fffb58930a6ba3bf1be00db939220483aa671a5441d3421c7469f

  • SHA512

    b858868ef8203c251a40f7b0bc2cf97b72b7289e55e74b4502e17344d4786e6c0ce621617c70a18c978d561c3552c6687b1f7c9b7b048b88854f1846124fd849

  • SSDEEP

    196608:tYJQMUxL9AwB8XsAa3uJ2tSpFlXQne8ZXeBD1C9V2:tCEAwB8X63uJ2wnlXQjedE9

Malware Config

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

MITRE ATT&CK Enterprise v15

Tasks