Malware Analysis Report

2025-06-15 21:21

Sample ID 230418-rgpf8abh64
Target Ana.Kata.zip
SHA256 32a8929895f1087e1b8b73f8bc4c37ab8bc14d94e57c81be72d5ac30c003843e
Tags
agilenet
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

32a8929895f1087e1b8b73f8bc4c37ab8bc14d94e57c81be72d5ac30c003843e

Threat Level: Shows suspicious behavior

The file Ana.Kata.zip was found to be: Shows suspicious behavior.

Malicious Activity Summary

agilenet

Obfuscated with Agile.Net obfuscator

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2023-04-18 14:10

Signatures

Obfuscated with Agile.Net obfuscator

agilenet
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-04-18 14:10

Reported

2023-04-18 14:11

Platform

win7-20230220-en

Max time kernel

0s

Command Line

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Ana.Kata.zip

Signatures

N/A

Processes

C:\Windows\Explorer.exe

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Ana.Kata.zip

Network

N/A

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2023-04-18 14:10

Reported

2023-04-18 14:11

Platform

win10v2004-20230220-en

Max time kernel

24s

Max time network

27s

Command Line

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Ana.Kata.zip

Signatures

N/A

Processes

C:\Windows\Explorer.exe

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Ana.Kata.zip

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 assets.msn.com udp
NL 23.73.0.171:443 assets.msn.com tcp
US 8.8.8.8:53 171.0.73.23.in-addr.arpa udp
US 117.18.237.29:80 tcp
US 8.8.8.8:53 73.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp

Files

N/A