General

  • Target

    Royal.Full.rar

  • Size

    2.4MB

  • Sample

    230501-r99ymaga29

  • MD5

    c8d06ef9184701388bbf4407a304103f

  • SHA1

    a12f32b92f9c26c0a0808796844d39ef59c1a0be

  • SHA256

    1978db25b0822465385c2248519395a1d262d69cc55cde9eee8f3cf7c6cc384f

  • SHA512

    f15ca50d69a81ec3b529af42d19c73ebd9b2589eac1e2b52aa644fe7cbe1bb8a64dac7f16773e69a71819b84eca7e6956bbc5459a37848230988022f0274cfab

  • SSDEEP

    49152:OFH026eImiJNJR2J/TT6DTbjmFyEqDVnPD+okNyf183mJ8BN:40Bjms3RkToTbjaVqRnyd72JQN

Score
9/10

Malware Config

Targets

    • Target

      Royal.Full.rar

    • Size

      2.4MB

    • MD5

      c8d06ef9184701388bbf4407a304103f

    • SHA1

      a12f32b92f9c26c0a0808796844d39ef59c1a0be

    • SHA256

      1978db25b0822465385c2248519395a1d262d69cc55cde9eee8f3cf7c6cc384f

    • SHA512

      f15ca50d69a81ec3b529af42d19c73ebd9b2589eac1e2b52aa644fe7cbe1bb8a64dac7f16773e69a71819b84eca7e6956bbc5459a37848230988022f0274cfab

    • SSDEEP

      49152:OFH026eImiJNJR2J/TT6DTbjmFyEqDVnPD+okNyf183mJ8BN:40Bjms3RkToTbjaVqRnyd72JQN

    Score
    9/10
    • Modifies boot configuration data using bcdedit

    • Downloads MZ/PE file

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

MITRE ATT&CK Matrix ATT&CK v6

Execution

Command-Line Interface

1
T1059

Discovery

Query Registry

5
T1012

System Information Discovery

6
T1082

Tasks