acd284ea5d10e6f371965a131092dd33ce07fcec4dbb876210d6eb9b829f1418 | Triage

Sharing

General

Target

Appfuscator Crack V2.zip
Size

7.6MB
Sample

230614-sz7aesag52
MD5

e6aa7252a11ee1b6b4bc644465cc6ad8
SHA1

c74debcbd6f69dc28e91e335cacc028163f006d5
SHA256

acd284ea5d10e6f371965a131092dd33ce07fcec4dbb876210d6eb9b829f1418
SHA512

672a42f12257b5093bb7f17bd54f866d1559c9471173fde12ce063f960a88cac343abd76e189fde11eae065aebeff548869e1cc01e4a51d424a9a86437f1eebc
SSDEEP

196608:V1anYFeoMB4WlTI5JK3O/liZaPY+OLZOr6b+HgcxXydXVG6kwAtNniA:Vcn4ezy0TI5JKyid+OLZOr6bYDVydXVI

Score

9^/10

agilenet evasion themida trojan

Malware Config

Targets

- Target
  
  Appfuscator Crack V2/AppFuscator.exe
- Size
  
  6.4MB
- MD5
  
  069bc1539b09eb79536cee398d67383f
- SHA1
  
  7145e990c38bb3520c2b1424757bcaad710801f9
- SHA256
  
  5e5d5817a92b59969f7ff4d60ed9e0f0da2a834878ef68d2e222b7548dbcd02d
- SHA512
  
  5bba9859040fe888c6b8a3b5ecaef666ed941d9dcb655743339787f6c4e726eb835f8ed552c66d6c97086fcc58ae90c59b4f6d3dac400c652a8bc3cbeb9726e6
- SSDEEP
  
  196608:SaBMZGIC9GeDVI5DKBWZlkgJedYs6LtYdEhqTgKD:3BuGNkYVI5DK2NNs6LtYdEhSp
Score

9^/10

agilenet evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2
- Target
  
  Appfuscator Crack V2/ICSharpCode.SharpZipLib.dll
- Size
  
  196KB
- MD5
  
  c8164876b6f66616d68387443621510c
- SHA1
  
  7a9df9c25d49690b6a3c451607d311a866b131f4
- SHA256
  
  40b3d590f95191f3e33e5d00e534fa40f823d9b1bb2a9afe05f139c4e0a3af8d
- SHA512
  
  44a6accc70c312a16d0e533d3287e380997c5e5d610dbeaa14b2dbb5567f2c41253b895c9817ecd96c85d286795bbe6ab35fd2352fddd9d191669a2fb0774bc4
- SSDEEP
  
  3072:hjMibqfQqFyGCDXiW9Pp/+Tl4abpuu201PB1BBXIDwtqSPVINrAfvp1:GibqI59PpOPf201/z7p
Score

1^/10
behavioral3 behavioral4
- Target
  
  Appfuscator Crack V2/Mono.Cecil.Mdb.dll
- Size
  
  42KB
- MD5
  
  ec602fe75ad2447f6c40c253ad77a860
- SHA1
  
  32018deb857936c16cd3f971c6020e34d1718b67
- SHA256
  
  7aff7a0c8b14b02952cb028e8a39eb7c862b89df7499ef684aa2374b46da5513
- SHA512
  
  b65e238a1f58f9e355e1f3e539aec3f0ae2c14c203a2e6ea4bf4bc428fa8bb3ac5b9ecf310448ca6054cb83e053270f0dcbae5d753b76f21bf2b6a930195be50
- SSDEEP
  
  768:6qgBelOEdZagw3gn6qIZgWbPmKkBnjjwl+N/6N63+Iu7toi6:jmFiZaxgMgTNjC+UQ3+Iu7F6
Score

1^/10
behavioral5 behavioral6
- Target
  
  Appfuscator Crack V2/Mono.Cecil.Pdb.dll
- Size
  
  79KB
- MD5
  
  b30b9ce2a7bece6959dba927eb3ea1a3
- SHA1
  
  97eaaee53e587cba6159667a3c4d497669b989bf
- SHA256
  
  e6bc17982d5fb058d2778629ddf03742319941881c36fa8095badfd7cc72ff4e
- SHA512
  
  75f34e2c133f1875eafc8a935d0d820a08f9a7d76010c8e79238c19774589e354edcc7b2daf6747753e0085fe88b84d04bd766e54c8a848d87b1d109704ae243
- SSDEEP
  
  1536:LA9CnZBnyxYMzacPTTS0NbVD6nzJ6cMPwxMl8WS:LA4WZrTS0Nbp6zc4xvWS
Score

1^/10
behavioral7 behavioral8
- Target
  
  Appfuscator Crack V2/Mono.Cecil.Rocks.dll
- Size
  
  23KB
- MD5
  
  d64f8b0830090fdf1b48aa7f6b442a1e
- SHA1
  
  2acaa4e39d9e31302fed92947fa51d4c940d829a
- SHA256
  
  59b6b9f7e9f4f3db6c2ee372d9b0300992e2aac9d240fb76e51c7bb27495f5a9
- SHA512
  
  5732a3d432df08c0898d908800b0e84524c73ddad40ac731746112759126b45bbe43cf009f3d4712ab0a72444d24f76c64019a23aebe370dd5ea64b80538c2f3
- SSDEEP
  
  384:SIGYInS5SQ1MNaBRd9qUYwe/7Xv42hiQgnT+BNHo2RGFZMzEbSjr/hYR7b+q9/w:SIGYIi913Xkw+Tv4iij6NHpGTH3l9/
Score

1^/10
behavioral10 behavioral9
- Target
  
  Appfuscator Crack V2/Mono.Cecil.dll
- Size
  
  271KB
- MD5
  
  b1c7da53f32e6425b84c118047fdfab4
- SHA1
  
  643d8531ae4e924b57066778883caec4ed7f8f4b
- SHA256
  
  ae75bf2566a936b86bef42731f1ef32d17b4d496931ad8278d07b9b5076def1d
- SHA512
  
  d6f3db75672cef693cd6249df999c4ba6106ccdb1aade534d2cd55bca87899826209109c4191f33e2c6ca6e072f2774eb6cd093bedfd4b6bc005b68214bacff9
- SSDEEP
  
  6144:fdeEoRWiECsEvx/9D7aucVRLQudsE0Gv8hUBKdJDkPl6X:VNotEC9xVXARdv8hQ
Score

1^/10
behavioral11 behavioral12
- Target
  
  Appfuscator Crack V2/Newtonsoft.Json.dll
- Size
  
  382KB
- MD5
  
  8611795b70cd1f321cb5cb5aad95ff7b
- SHA1
  
  3adf7d5b701c2ee4af9faa79c36fc724a73a1427
- SHA256
  
  cfc2edd8ee6a9e91719e493a8ee26938b59d8a2485d8bd4841fa34e9d6fef573
- SHA512
  
  1658d0dec157dcbb008bda2bc3db227d605c4ad56b853f81a8d8571bb49e8d56780c994447cbd6fa88a2bbae9985ddcb43f8bce032010674eeb78a1f1e7d9486
- SSDEEP
  
  6144:t+BWmtpZQYS2PjCLfjSCpkALDUbr0tJ0nzb:0Pw2PjCLe3a6Q70zb
Score

1^/10
behavioral13 behavioral14
- Target
  
  Appfuscator Crack V2/StackTraceDecoder.exe
- Size
  
  246KB
- MD5
  
  b8bf157eed7bd27199bd7154c116c7b0
- SHA1
  
  df607563da0203e12a57ae4d3ed5ff51802f58ed
- SHA256
  
  5b15601c7db081bb5897ee1c3037abd675cf3dd4a6d7d1487f33713182890c23
- SHA512
  
  cb2769b2b7ac2dd2b02811eede61795f5ab882eaa49df6db6b50e2ddd85933b1e6f75a6382ab75b3da49115d869e6c67cad03876a255f6233751e759a055a5d8
- SSDEEP
  
  1536:gUnGdjjJ0Z1j2HawJAX4lXkmwtvkjxXpKXkdwtGkjb:gUnmOZzRXW56kNXsG/kP
Score

1^/10
behavioral15 behavioral16
- Target
  
  Appfuscator Crack V2/WatermarkDecoder.exe
- Size
  
  45KB
- MD5
  
  1170198cd869a9767ce44b5a2343ef05
- SHA1
  
  b579fc5c205f89b1324f301aef02de58c536d84a
- SHA256
  
  5c745208815ef1ad703586ef1ab5ed8bf1ee2f7d5900c32a75b4f711ac3fed77
- SHA512
  
  5b57832ff5a17401815bb962c128dc5e400fd361979b2d83435024bca0a7947eebeba89e3a0be08524bf3ad835fc02c930e7a4122243e5a7275e2aed5c606603
- SSDEEP
  
  768:xMuEJvcoBUYsH57CsyPpDgsmx8/Pb0fgk:xMNJyMP5Canbsgk
Score

1^/10
behavioral17 behavioral18
- Target
  
  Appfuscator Crack V2/unins000.exe
- Size
  
  2.5MB
- MD5
  
  61859891f371ac2ce1c892f3baae796b
- SHA1
  
  26cfd62d65cb12608d0ac5d56b2d4b7b8045c591
- SHA256
  
  c6dd4365001767875e9a9e61c90baeee1ac5726301105018237b30f9028a196e
- SHA512
  
  d059d84eb280ac8c64db3d276a35e5995ce9349a739668fe34be2056b0962112343fa43a2fa146cb05d8a65515b6065a7f96839c3a19fcccb2a59edeadcc9c0e
- SSDEEP
  
  49152:1R/KpmZubPf2S8W2ILeWl+C1p9jWy5Snd0eigXNa:b/jtYLP1Sy5E0p
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral19 behavioral20

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agilenetevasionthemidatrojan

behavioral2

agilenetevasionthemidatrojan

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20