General

  • Target

    Astral.rar

  • Size

    15.4MB

  • Sample

    230414-cdxk4afe42

  • MD5

    c8e7dc1384f8ec1fe1d704d0a8cb102c

  • SHA1

    79cbafd1d35586a0ecf8c059e9eb61824c7bc6a9

  • SHA256

    0e173c2a2d3d5e7b98d3e93423e6f3cb906459ff9a61d9e7c451787411995612

  • SHA512

    1c02f5311db38d7297c6dfc6c8f9f55ae9d38cd73f3c17a5adadea8003c2a020a13b33f09c79c1749f24c80516349536939404c66891fb0768b934739e64b199

  • SSDEEP

    393216:1BPTaFckvsrgFIuOhXYGU04z9ZGceZen/UxZ+/FzeUww:1tGqkvignOhIGpkrvn/cUNzX

Score: 7/10

Malware Config

Targets

    • Target

      ASTRAL 2.0/Astral.exe

    • Size

      12.8MB

    • MD5

      1ee5f98fbb806a712f1b604fc4c4c28a

    • SHA1

      cdad412d23992b37dacb37286e9c149cef5fd05f

    • SHA256

      566fed7c0f5027414066594ef3580224795683be610d005d414ef1bdd6ae455d

    • SHA512

      01e261de6fce9309798d56cfba21dfe535bfee555c47a42fbbd9dce8dcb3c2e6144200a14bf01aa9bcc53a32116fd7b522f120cdcc708b3874e829f7cfd58b0f

    • SSDEEP

      196608:8R8RPkEivhLzXkZgJPCryHhM1Y2PyIiT8S6RDYv7L1IOUTcEdfL:8R8RPkRvh/JWyHySTKU7L1p2cE

    Score: 7/10

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      ASTRAL 2.0/DNGRTx64.dll

    • Size

      5.3MB

    • MD5

      a428c3e775add87c7915381a88061888

    • SHA1

      aaf1ef5d8924e92961bf81d07c2d6886e1e01585

    • SHA256

      ddeb3041ff32da6d6a98e90941ec18f45b7a8afb2b738394de3073d774dfde4a

    • SHA512

      29f8d8787e41370e0373bd01021783190fb752f6b37881462ebf7edd9bda9f530f59c125c3ca1ba8f88dde1200a3015868eaf718a9ad09ffc2ad6396a0f098d1

    • SSDEEP

      98304:yTPCS2FAxDgcE2WT6GFmtMImE2g5gKU/eh8ZnPbLMvlllmUjTF3WlN/vd:hcD7mCtXmpd/egPbLMvXQ+GlBd

    Score: 5/10

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix (ATT&CK v6)

  • Command and Control (1 technique)

    Web Service (T1102)
