c18a8fbb2ee9b773aa51b3bf0d725e854252a549e9561d6ba348a7449e411c6d | Triage

Sharing

General

Target

PhantomBinder-main.rar
Size

1.7MB
Sample

220920-zwdx2aech6
MD5

ffbabf46f2ef7b3d0a894148c2644124
SHA1

5aa304d16c38b05428f01214feb913c92eb5d743
SHA256

c18a8fbb2ee9b773aa51b3bf0d725e854252a549e9561d6ba348a7449e411c6d
SHA512

5dc9a9351f77ae7506945640adcf07a72b3463b956b939a9a9a9024f3bb7457a03dbc482b36195f64d7fe60a02562d03a7d4a45877bf64d837b8a3bf9d4bf06d
SSDEEP

49152:kJmEdV549i7b/ZSv0bRlsyXGbjlX2D5pT+LB7kbi:k8EH5494b8v0bRCyWbSpTK7L

Score

7^/10

agilenet

Malware Config

Targets

- Target
  
  PhantomBinder-main/$PhantomBinder/Guna.UI2.dll
- Size
  
  1.9MB
- MD5
  
  0f07705bd42d86d77dab085c42775244
- SHA1
  
  7e4b5c367183f4753a8d610e353c458c3def3888
- SHA256
  
  cf9b66e11506fa431849350c0cb58430a71e5ec943d2db9ef1b2e2302f299443
- SHA512
  
  851b1a4c470ee7fe07ce5619c16fd391428585926c5b559694a9e445633ea51ec86c74a3bbf3bce39d943c4bf714dad2fd3c4a4d0703be2333541c79a2ee97f0
- SSDEEP
  
  24576:m8Yq6KN2liAVp0j4DuJPbTzcH7DlktjfEzgKxGgcKM8Q3xajfgY236RYgPNsP:drCqfE0KctKM8Qv6RYgPY
Score

1^/10
behavioral1
- Target
  
  PhantomBinder-main/$PhantomBinder/PhantomBinder.exe
- Size
  
  1.0MB
- MD5
  
  bd2267854885b36b1b07d9e3e664b7dc
- SHA1
  
  dc171d040e9eb672dc0a543742a2fb5347c46932
- SHA256
  
  0550d2794a79cede9894bf362683127515e5e3fd5b9a188957e47a0dbd74170c
- SHA512
  
  5052cb3687d500518d5f1b04e877225de9749466a0216b22d510db37bde9ba9d6dde390818b5945111f59d3a6c6ddbf795047b7b20defb609a7ec1900fb914a6
- SSDEEP
  
  24576:Ak70TrctRILUqcVN6WRwY0DcZccB/kOMt009yoipwCDtpn:AkQTAD4UqcVsWTGYc+Mr0Fo8wCJpn
Score

7^/10

agilenet
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2