Overview

overview

7

Static

static

7

PhantomBin...I2.dll

windows10-2004-x64

1

PhantomBin...er.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    61s
  • max time network
    64s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-09-2022 21:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    PhantomBinder-main/$PhantomBinder/PhantomBinder.exe

  • Size

    1.0MB

  • MD5

    bd2267854885b36b1b07d9e3e664b7dc

  • SHA1

    dc171d040e9eb672dc0a543742a2fb5347c46932

  • SHA256

    0550d2794a79cede9894bf362683127515e5e3fd5b9a188957e47a0dbd74170c

  • SHA512

    5052cb3687d500518d5f1b04e877225de9749466a0216b22d510db37bde9ba9d6dde390818b5945111f59d3a6c6ddbf795047b7b20defb609a7ec1900fb914a6

  • SSDEEP

    24576:Ak70TrctRILUqcVN6WRwY0DcZccB/kOMt009yoipwCDtpn:AkQTAD4UqcVsWTGYc+Mr0Fo8wCJpn

Score
7/10
agilenet

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Obfuscated with Agile.Net obfuscator 1 IoCs

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    agilenet
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\PhantomBinder-main\$PhantomBinder\PhantomBinder.exe
    "C:\Users\Admin\AppData\Local\Temp\PhantomBinder-main\$PhantomBinder\PhantomBinder.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:4344

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\dcfb00f9-5ae7-4197-ba59-e48107e40d35\GunaDotNetRT.dll
    Filesize

    136KB

    MD5

    9af5eb006bb0bab7f226272d82c896c7

    SHA1

    c2a5bb42a5f08f4dc821be374b700652262308f0

    SHA256

    77dc05a6bda90757f66552ee3f469b09f1e00732b4edca0f542872fb591ed9db

    SHA512

    7badd41be4c1039302fda9bba19d374ec9446ce24b7db33b66bee4ef38180d1abcd666d2aea468e7e452aa1e1565eedfefed582bf1c2fe477a4171d99d48772a

    Download Submit
  • memory/4344-132-0x0000000005070000-0x0000000005614000-memory.dmp
    Filesize

    5.6MB

    Download
  • memory/4344-133-0x0000000005620000-0x00000000056B2000-memory.dmp
    Filesize

    584KB

    Download
  • memory/4344-134-0x00000000058C0000-0x0000000005AB2000-memory.dmp
    Filesize

    1.9MB

    Download
  • memory/4344-135-0x0000000005CF0000-0x0000000005CFA000-memory.dmp
    Filesize

    40KB

    Download
  • memory/4344-137-0x0000000072DC0000-0x0000000072E49000-memory.dmp
    Filesize

    548KB

    Download
  • memory/4344-138-0x0000000006140000-0x00000000061DC000-memory.dmp
    Filesize

    624KB

    Download
  • memory/4344-139-0x0000000070B70000-0x0000000070BA7000-memory.dmp
    Filesize

    220KB

    Download
  • memory/4344-140-0x0000000070B70000-0x0000000070BA7000-memory.dmp
    Filesize

    220KB

    Download