General

Target: Astral.rar
Size: 15.4MB
Sample: 230414-cdxk4afe42
MD5: c8e7dc1384f8ec1fe1d704d0a8cb102c
SHA1: 79cbafd1d35586a0ecf8c059e9eb61824c7bc6a9
SHA256: 0e173c2a2d3d5e7b98d3e93423e6f3cb906459ff9a61d9e7c451787411995612
SHA512: 1c02f5311db38d7297c6dfc6c8f9f55ae9d38cd73f3c17a5adadea8003c2a020a13b33f09c79c1749f24c80516349536939404c66891fb0768b934739e64b199
SSDEEP: 393216:1BPTaFckvsrgFIuOhXYGU04z9ZGceZen/UxZ+/FzeUww:1tGqkvignOhIGpkrvn/cUNzX
Static task: static1

Behavioral task: behavioral1
  Sample: ASTRAL 2.0/Astral.exe
  Resource: win10v2004-20230220-en

Behavioral task: behavioral2
  Sample: ASTRAL 2.0/DNGRTx64.dll
  Resource: win10v2004-20230220-en
Malware Config
Targets

Target: ASTRAL 2.0/Astral.exe
Size: 12.8MB
MD5: 1ee5f98fbb806a712f1b604fc4c4c28a
SHA1: cdad412d23992b37dacb37286e9c149cef5fd05f
SHA256: 566fed7c0f5027414066594ef3580224795683be610d005d414ef1bdd6ae455d
SHA512: 01e261de6fce9309798d56cfba21dfe535bfee555c47a42fbbd9dce8dcb3c2e6144200a14bf01aa9bcc53a32116fd7b522f120cdcc708b3874e829f7cfd58b0f
SSDEEP: 196608:8R8RPkEivhLzXkZgJPCryHhM1Y2PyIiT8S6RDYv7L1IOUTcEdfL:8R8RPkRvh/JWyHySTKU7L1p2cE
Score: 7/10
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator: detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
Target: ASTRAL 2.0/DNGRTx64.dll
Size: 5.3MB
MD5: a428c3e775add87c7915381a88061888
SHA1: aaf1ef5d8924e92961bf81d07c2d6886e1e01585
SHA256: ddeb3041ff32da6d6a98e90941ec18f45b7a8afb2b738394de3073d774dfde4a
SHA512: 29f8d8787e41370e0373bd01021783190fb752f6b37881462ebf7edd9bda9f530f59c125c3ca1ba8f88dde1200a3015868eaf718a9ad09ffc2ad6396a0f098d1
SSDEEP: 98304:yTPCS2FAxDgcE2WT6GFmtMImE2g5gKU/eh8ZnPbLMvlllmUjTF3WlN/vd:hcD7mCtXmpd/egPbLMvXQ+GlBd
Score: 5/10
- Suspicious use of NtSetInformationThreadHideFromDebugger