General
-
Target: c5f5ad54fd70e8974d7e85b79fe81880caf3866ac6f26c3be06bffce476f56d2
Size: 6.2MB
Sample: 250210-blw4vsxner
MD5: c9087b0c23ccc8a1ebdb661a50c2c89e
SHA1: 96481ebf1b4a6b8451a999bbd827885040ce2b57
SHA256: c5f5ad54fd70e8974d7e85b79fe81880caf3866ac6f26c3be06bffce476f56d2
SHA512: 22ba6632931e41f4791822cf718df208ba33a2423c740d1291ba3c2a75e5584ef1b6e5f9d984aade0279197fba26473738d961e4221934e56b2628095151d2ad
SSDEEP: 98304:QcvvmtW8md9UsUKQqEToin4auJQrhS0qJi9Qgp1nv2jwm85GtBOTgeR485yz:QcvvmTAlUKQqETbiJX04iJfv2jxEFGj
Static task: static1
Behavioral task: behavioral1
Sample: c5f5ad54fd70e8974d7e85b79fe81880caf3866ac6f26c3be06bffce476f56d2.exe
Resource: win7-20240903-en
Malware Config
Targets
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-