General
-
Target
GTCCrackingToolV2.0.exe
-
Size
9.5MB
-
Sample
250326-glzsms1qt9
-
MD5
4790b00f8d08c3123a93a6bb0581f496
-
SHA1
46810574ef29fad1f4591524b000fb385009f804
-
SHA256
e9e3295ae8cd8261e5d9a200e25da5fe01b0126d170af749892ff52c3af58e2b
-
SHA512
181641a00853d0fe070ad88046c60ee592e78f9e3282a5623862156a91f00fc48a716315762737b6794f3a07ecbd0069a84f2162ff86b967617537a43698ea70
-
SSDEEP
196608:8ug/f7c2fOpS6qL0QPaNEfJYNYihp5cYughj3gXDJMIOaV:jgnI2fwqL0QlfJHihp5cYtJwXDq0
Malware Config
Targets
-
-
Target
GTCCrackingToolV2.0.exe
-
Size
9.5MB
-
MD5
4790b00f8d08c3123a93a6bb0581f496
-
SHA1
46810574ef29fad1f4591524b000fb385009f804
-
SHA256
e9e3295ae8cd8261e5d9a200e25da5fe01b0126d170af749892ff52c3af58e2b
-
SHA512
181641a00853d0fe070ad88046c60ee592e78f9e3282a5623862156a91f00fc48a716315762737b6794f3a07ecbd0069a84f2162ff86b967617537a43698ea70
-
SSDEEP
196608:8ug/f7c2fOpS6qL0QPaNEfJYNYihp5cYughj3gXDJMIOaV:jgnI2fwqL0QlfJHihp5cYtJwXDq0
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-