a949023db784c4bbd82a2ce3d6957a457efb81dae684dd92bfd3b7fce3b8f679

Sharing

Copy URL

Twitter E-mail

General

Target

Separate-Downloads-main.zip
Size

58.4MB
Sample

211117-t8as9addb6
MD5

3c073afb8b48f12376209a85f43195d4
SHA1

6acd27d995309dac5d22e2f1a1491fb9d1c585bd
SHA256

a949023db784c4bbd82a2ce3d6957a457efb81dae684dd92bfd3b7fce3b8f679
SHA512

8b5fc3dad1e1ceeb05f103169a4f81e5f07490e4e13d4b42beb14a858601be8720f34f78c7f0d94b4c4af1a9ee6182e3bd324bc80a6846773b48ca21df8fd05a

Score

8^/10

agilenet vmprotect

Malware Config

Targets

- Target
  
  Ambrosial 1.16.221.exe
- Size
  
  23.5MB
- MD5
  
  991e3631ef2e4936f383a17bef591bd2
- SHA1
  
  952314c20eede07a7cf660c287830eaa2793317b
- SHA256
  
  8c260cc91749e30447e0f2782ece403724ba0e9624318e686b457e643842ed37
- SHA512
  
  9bc3c4ea0e4a8482034bcd740abf480f64412abfe02849e3b948c9b06027f7696834217f43cb2cd23e32a7138ae628ed44ca5187bc24233b6472b77bf7f452ef
Score

1^/10
behavioral1 behavioral2
- Target
  
  Ambrosial.exe
- Size
  
  15.9MB
- MD5
  
  e3635a875aa0817f0e29544ad9ff84b5
- SHA1
  
  fd65adfd5be0391790442dc1b4d21b7ee4be271a
- SHA256
  
  b9c94c4a6dca1b5a42b05e4814838a9281768ba9267803a554c23b68c0665b0f
- SHA512
  
  132ee0718115097a6b9afc2368bf652d8b04207a6822a9a9e1900bc2921d3b8de384a40eec326e1662bfd7216b29cbe85ceeb8a7d49fe8ed293c4360b8115f0a
Score

8^/10

vmprotect
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
behavioral3 behavioral4
- Target
  
  Release_Version/version.dll
- Size
  
  1.5MB
- MD5
  
  698134af3836f26aecb03f31bc925f38
- SHA1
  
  5b37a229eb1364a325e8e0a201e852740b43bb3f
- SHA256
  
  94e7f6fa6b59866df46fee842355bdca28e41f9abed8a035fb2b56a47a1575ab
- SHA512
  
  826ff154a9caf4b74a93a77009fb9898ec15167cfedc0cc70dab4e66c1e73eed0e43ff9cb7a7bfe1287505e770bc5e701d8823e68601a7c3519673de0365c0ef
Score

7^/10

agilenet
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
behavioral5 behavioral6
- Target
  
  BadManPublic.dll
- Size
  
  6.5MB
- MD5
  
  80a09e9d26e1654bf6454e965ccb870a
- SHA1
  
  d29f1b51a96ff239aa327e40a977e8cce156890b
- SHA256
  
  06d88ea488e7b2d8b8fba6f368372f02b910835edb9fbf2dd68747e283439ca4
- SHA512
  
  bbf17c8813e83ef02a2f222a8c1e60abee5f8654164a2112d5d62e2cd354df31e2e627bb2296adbef2edfb4f4357c02fb1ba0b15e7e2aee747bdf942c5a619ea
Score

3^/10
behavioral7 behavioral8
- Target
  
  HorionInjector.exe
- Size
  
  427KB
- MD5
  
  fb3652cc3a387c107714440829ac7264
- SHA1
  
  bf1275265b68ac09b54de10be9e0c1f2b48a352e
- SHA256
  
  dd22919a17110bb3d20ede3be4c029af8626d1459f50b2b5534ae2a77cc8c39b
- SHA512
  
  c5a0082b19e2a0c22b75b3ddf1e487ba6b002f0e7455e3fae2442a02c6e2844f2703d3428fcd63b26bb4edca442ab776ec7ad2856c816ba7610c81fd160b4cc7
Score

1^/10
behavioral9 behavioral10
- Target
  
  MetroSet UI.dll
- Size
  
  457KB
- MD5
  
  0cc770f74e150736473fb09956b150ef
- SHA1
  
  dbe409614d8cfa289d1c2636e4867a3566d58bfe
- SHA256
  
  040b98bc9e93ab8d7b26a0fbbd8de4b5c5636e9ab69c4dd0ccddcfda71c4413d
- SHA512
  
  cf76bf248bddbd629ae1cd4851ace2d0607872f1bb44639140025d51c90b855dd4f869cb8e6bbd76ce2567453f655707610c5d2e2ed442dfa13a2c5c4e07b859
Score

8^/10
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral11 behavioral12
- Target
  
  Newtonsoft.Json.dll
- Size
  
  682KB
- MD5
  
  16bdb13a1dfbfb5516b73314bc78ffff
- SHA1
  
  18f3e9f22e73dff91501858866f9f1c71174d5c4
- SHA256
  
  a1502046abdb21ed243d963b98b1e4c1c5646344913eb84d251bbf5b60052178
- SHA512
  
  4cb69b821ce65d5fccccd02279fcf58e8f2dfef540f6322d73523d06036c4129156bd1a47ed2c1c54831c51e27d6b8ecdd5c1c7f55ee8944fc521b5032b15dae
Score

1^/10
behavioral13 behavioral14
- Target
  
  System.Runtime.CompilerServices.Unsafe.dll
- Size
  
  7KB
- MD5
  
  7db46eeaf6156830500d4e5deda518f0
- SHA1
  
  569cb58cb2c440b3184140cdf3736126f99dae70
- SHA256
  
  747e16a97e2c34c7b5f301c0be2a16a01fdf87819800f8f3f5babd74db222f8e
- SHA512
  
  f43fc228a60146df7a37c8d1573c07e074a27ef58e9c70a68820bafaf8fdd2d8208335e7b3251d2e603c3fe46931cd46c418d7037fe703264f914d113088b4a3
Score

1^/10
behavioral15 behavioral16
- Target
  
  ure tyjk5_[unknowncheats.me]_.exe
- Size
  
  152KB
- MD5
  
  c811e780c92307a794b5eb96f2dee20f
- SHA1
  
  e8df4ec21a47a7d232c564f0ad6a3449da49bd56
- SHA256
  
  ab13f18df7871d26770fed8775fa5ba7b220705b7ae0405f50e5e27e3cfbb2ee
- SHA512
  
  3fe390098c34f89ce58fa663b4416f03b4cfe06500645b65dff60476a5f3e7604d3744da55f0043908b81e7c15aa2d11adb7c0f0694a3f3ae055613a9d979205
Score

1^/10
behavioral17 behavioral18
- Target
  
  Coffee (1).exe
- Size
  
  1.4MB
- MD5
  
  235aa72b4fb4b2306ece386b744a24c8
- SHA1
  
  ba38baa996854dd6ed41f62626d6bdd66e6ef247
- SHA256
  
  4bcc29096d98a0707de7159f42fdd90e81a2d9274a68a3e44da66bf114e48438
- SHA512
  
  173db0a30d1fd9fb45b27d214af63dd31e7e60b7aab301a4d9f5de1e8ce6e365817996080591bd7ade7295000e696696cb62d3662154e033e2ae7bbcd374b721
Score

1^/10
behavioral19 behavioral20
- Target
  
  Coffee 1.16.220.exe
- Size
  
  7.5MB
- MD5
  
  ca07654a0459f528dba5ad054006ba77
- SHA1
  
  fd9e8558ae27db2b09f1bfb057292280eec28920
- SHA256
  
  56e5e14866628f021aec6abf3458faa488bac72c2666fdff8192cde7d17be376
- SHA512
  
  8997ecf78a4e7272b4bddd4aaf6e061619f0d825d3a9642da91d7fbccd8bbf710828570eae4052c43e100b76b79133de8305d40fdb104e0d66a82e17890076c7
Score

1^/10
behavioral21 behavioral22
- Target
  
  Coffee NOT SURE VERSION.exe
- Size
  
  1.4MB
- MD5
  
  235aa72b4fb4b2306ece386b744a24c8
- SHA1
  
  ba38baa996854dd6ed41f62626d6bdd66e6ef247
- SHA256
  
  4bcc29096d98a0707de7159f42fdd90e81a2d9274a68a3e44da66bf114e48438
- SHA512
  
  173db0a30d1fd9fb45b27d214af63dd31e7e60b7aab301a4d9f5de1e8ce6e365817996080591bd7ade7295000e696696cb62d3662154e033e2ae7bbcd374b721
Score

1^/10
behavioral23 behavioral24
- Target
  
  Fate.Client.dll
- Size
  
  97KB
- MD5
  
  5705ccb66070bc51c725a307518d5794
- SHA1
  
  f3c2d1fa1c238052c5e926d406c32081931b4aad
- SHA256
  
  d835bb2d1a3a6df132dee97de30358ad2853fd1b3f329c7d8eb2090c59b30828
- SHA512
  
  f53429d9a1ad0716de99ecdcfa551d9bec4a92c401cc7cf525f31d74951e32045d4e1f968dfa77189106a2eae267d4c4d238ccc6892f0fa2dabaf6135c5edde1
Score

1^/10
behavioral25 behavioral26
- Target
  
  FateInjector.exe
- Size
  
  3.7MB
- MD5
  
  9e6de7c7ebd1a00c2f7ddec78ba9403a
- SHA1
  
  65a9e65bf9b2b683ed93ac9848df8b5c9f3d4297
- SHA256
  
  77a84c4ed29551d8968a9bc5de796d6f8463fa54df8554b3cff91ca83d8ff70d
- SHA512
  
  f2dac6efaf4fa6c32b14a45bfa60813b67eb3a46e9a7342d13c1ba3bea3e0a188a5703d34c5fc65d20baae751c334474a9b51d7862d4c74fb60007dd8ce4adc9
Score

3^/10
behavioral27 behavioral28
- Target
  
  Fate.Client.dll
- Size
  
  97KB
- MD5
  
  a52b01e495868f6d5c1ea8beba6e6d7d
- SHA1
  
  e1c5ab1dacb39f19a8edf0be1a2e301917bcfccb
- SHA256
  
  4fe8f52286ac4e6773b3cdea005c447da3a2e6ec13e0d76eead717eccd0b0028
- SHA512
  
  e3c83c361435da5071306d2bd2ef6a992a2d190d7bac2ccfe74f80a640759719aef707a0efee5fb06a891484f0e36497c27f5b3bfc47c52816163b0db0737e1d
Score

1^/10
behavioral29 behavioral30
- Target
  
  FateInjector.exe
- Size
  
  3.7MB
- MD5
  
  9e6de7c7ebd1a00c2f7ddec78ba9403a
- SHA1
  
  65a9e65bf9b2b683ed93ac9848df8b5c9f3d4297
- SHA256
  
  77a84c4ed29551d8968a9bc5de796d6f8463fa54df8554b3cff91ca83d8ff70d
- SHA512
  
  f2dac6efaf4fa6c32b14a45bfa60813b67eb3a46e9a7342d13c1ba3bea3e0a188a5703d34c5fc65d20baae751c334474a9b51d7862d4c74fb60007dd8ce4adc9
Score

3^/10
behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Targets

VMProtect packed file

Loads dropped DLL

Obfuscated with Agile.Net obfuscator

Downloads MZ/PE file

Checks computer location settings

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32