General

  • Target

    c5f5ad54fd70e8974d7e85b79fe81880caf3866ac6f26c3be06bffce476f56d2

  • Size

    6.2MB

  • Sample

    250210-blw4vsxner

  • MD5

    c9087b0c23ccc8a1ebdb661a50c2c89e

  • SHA1

    96481ebf1b4a6b8451a999bbd827885040ce2b57

  • SHA256

    c5f5ad54fd70e8974d7e85b79fe81880caf3866ac6f26c3be06bffce476f56d2

  • SHA512

    22ba6632931e41f4791822cf718df208ba33a2423c740d1291ba3c2a75e5584ef1b6e5f9d984aade0279197fba26473738d961e4221934e56b2628095151d2ad

  • SSDEEP

    98304:QcvvmtW8md9UsUKQqEToin4auJQrhS0qJi9Qgp1nv2jwm85GtBOTgeR485yz:QcvvmTAlUKQqETbiJX04iJfv2jxEFGj

Score
8/10

Targets

    Score
    8/10
    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Suspicious use of NtSetInformationThreadHideFromDebugger
