Scores
Overview: 10/10
Static: 10/10
Luxury Shi...UI.dll (windows10-2004-x64): 1/10
Luxury Shi...I2.dll (windows10-2004-x64): 1/10
Luxury Shi...ge.exe (windows10-2004-x64): 1/10
Luxury Shi...np.exe (windows10-2004-x64): 10/10
Luxury Shi...ld.exe (windows10-2004-x64): 7/10
Luxury Shi...on.dll (windows10-2004-x64): 1/10
Luxury Shi...on.dll (windows10-2004-x64): 1/10
General
-
Target
Luxury Shield.rar
-
Size
7.8MB
-
Sample
230820-awcmjaed4v
-
MD5
593d9affab728bce74ca68ecaa0d30a6
-
SHA1
6b246de2eaf36f64a9e58eeb300247d37b240fda
-
SHA256
7c4c19bdc7f712ffd61d0d3be3b29c7879d2e619579b5679a8752df806fe35f3
-
SHA512
3bd564efcdd370a1bf71b294ded82d54b34c70ddad32fc31ad35bf98983ac66a257b2629f6afe661b6312cab2222089f19243ad6eebceb20d342b0cbfbf1d0b3
-
SSDEEP
196608:Gjb1/tCi5GDokLtvobPTUXjNxpqTlVF2hG4g5Q:GjloiEckLx8TUnpqTlmQ4OQ
Behavioral task
behavioral1
Sample
Luxury Shield/Guna.UI.dll
Resource
win10v2004-20230703-en
Behavioral task
behavioral2
Sample
Luxury Shield/Guna.UI2.dll
Resource
win10v2004-20230703-en
Behavioral task
behavioral3
Sample
Luxury Shield/ILMerge.exe
Resource
win10v2004-20230703-en
Behavioral task
behavioral4
Sample
Luxury Shield/Infected.pnggnp.exe
Resource
win10v2004-20230703-en
Behavioral task
behavioral5
Sample
Luxury Shield/Luxury Shield.exe
Resource
win10v2004-20230703-en
Behavioral task
behavioral6
Sample
Luxury Shield/Newtonsoft.Json.dll
Resource
win10v2004-20230703-en
Behavioral task
behavioral7
Sample
Luxury Shield/System.Web.Optimization.dll
Resource
win10v2004-20230703-en
Malware Config
Extracted
asyncrat
Default
Kaught-36793.portmap.host:1194
Kaught-36793.portmap.host:53088
Kaught-53088.portmap.host:1194
Kaught-53088.portmap.host:53088
MTjPNΓת1勒ih德h吉kg3Oשwc
-
delay
1
-
install
false
-
install_folder
%AppData%
Targets
-
-
Target
Luxury Shield/Guna.UI.dll
-
Size
1.1MB
-
MD5
8673eae95d67e5eb19f0eca3111408e8
-
SHA1
ad3e1ce93782537ffd3cd9e0bb9d30ae22d40ddb
-
SHA256
576d2de2c9ef5bc1ea9bdd73ae8f408004260037c3b72227eed27e995166276d
-
SHA512
65c4eadf448a643f45fa9a0d91497bb25af404c41a3a32686d9e99ba4f4e50783d73f5b13d5df505cc62c465be300746d84a2eaa8000531893cd0b19d6436239
-
SSDEEP
24576:hUsmpWNSUFmCqJPNsTuJDYYviEcHy1t6Y:hSUQWSF8q
Score: 1/10
-
-
Target
Luxury Shield/Guna.UI2.dll
-
Size
2.3MB
-
MD5
9fb60db5dbddc1ec521625d416b17aa6
-
SHA1
7f1da0b32a51a59298afae41f14e0ae6691d46a0
-
SHA256
78e51511b28efc474e92d060dd5123343631ee7d3400b6c317a518412c3544db
-
SHA512
5607c16a7f5e51e14e6b697e1171fbbfc7df84ea3395738935bc12a52b5ef7d769071d7d0cd241b3e2daab3bf0657f4f2411da2a3c2091a422287cca79b81b73
-
SSDEEP
49152:dF1h+CUn8yaJS7YmLdxvOOuOi6oUdzt159QoFosA9y9/H8/qW5rwGxdfkowGQJDM:gbLjv9UMGTke41u
Score: 1/10
-
-
Target
Luxury Shield/ILMerge.exe
-
Size
668KB
-
MD5
2bb6322885e6ca0986206de174e842c9
-
SHA1
c5ea70169106d32bc513d28ea76ae8ea1e49380b
-
SHA256
8110d740b485bcb06ff406b17001714c3a146fe6517098c9dc90d812b83389fd
-
SHA512
9750180c54a5bd8f0e1fa8a8f529364430f2ef444efbf8ac51e8d2a0aaa4e3d21fe553865ba8567c7c19e4ae84d04b20464f391743e88c52c00cac0bf20fc2a7
-
SSDEEP
12288:8E8Q+HlWx+TV7109nrRoTQhfL40+FQT7gWoi:hn+HQp9UQ2dFNi
Score: 1/10
-
-
Target
Luxury Shield/Infected.pnggnp.exe
-
Size
63KB
-
MD5
cdc128617b3fa5492f6a4fce1576427e
-
SHA1
42c96d2bf2b90f61df7003670e17553fe78897ac
-
SHA256
21cdcbfeaa08ca6645098af1b3739de9699ad7d54700348915d91c31c04ad171
-
SHA512
642b2589cd4092331d3e84fab22e1b961abd3d5a0a86d7af734edd73d1adb357a5baebeefda04092c7d56207e62b034a93ca8c902e9386c07b03cf13890cbe9b
-
SSDEEP
1536:WmNvVdSJYUbdh98ifu+pbSfucdpqKmY7:WkVYYUbdoCu8bSGz
-
Async RAT payload
-
-
-
Target
Luxury Shield/Luxury Shield.exe
-
Size
6.1MB
-
MD5
40955751ffb3df0dd4cef5728cb0a2c5
-
SHA1
6219105ac9261fd9eedaf9eb103f2a856e43b4ba
-
SHA256
07c5f5c6595f9ccb544b2d78677fce86084b1821474216a6d3d3241701d4692c
-
SHA512
a9bf58a9ef3dbaf01fe42b00dbad3c0455dc9d2da78833a1c05bc98992722ed044d90529272dfaedb62d1c9d09b3336774b82015c74fdc9d1279596756639808
-
SSDEEP
196608:nUJ5nwUlVzBvx4DkwjdtBC5U45+YXGJPVc9hC:UJhfBv67d/C6YXGJdc9hC
Score: 7/10
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
-
-
Target
Luxury Shield/Newtonsoft.Json.dll
-
Size
679KB
-
MD5
916d32b899f1bc23b209648d007b99fd
-
SHA1
e3673d05d46f29e68241d4536bddf18cdd0a913d
-
SHA256
72cf291d4bab0edd08a9b07c6173e1e7ad1abb7ab727fd7044bf6305d7515661
-
SHA512
60bd2693daa42637f8ae6d6460c3013c87f46f28e9b0dbf9d7f6764703b904a7c8c22e30b4ba13f1f23f6cbee7d9640ee3821c48110e67440f237c2bb2ee5eb6
-
SSDEEP
12288:1eos/POdGV5jfWrV/9Yeh9eRcyLfLYtT5mWxTZ/B7jW5JMtRRpKzQk:10/POdGV5jfW5VnhFyvOB7jW5JMty
Score: 1/10
-
-
Target
Luxury Shield/System.Web.Optimization.dll
-
Size
69KB
-
MD5
68abd36d1bc8a214214d4551dcda5162
-
SHA1
72a420f9026890fc6c7f6f3a8050fd4dcf7e2d4d
-
SHA256
321b29486a5c3195574552ad05dba2199572db3a3ba3952bd1ee768cc3f8cedd
-
SHA512
bde5737d5e5bc81089ce89975a52c3f502b76d0b4fc6c0543e8edcc2790cbc55b48a9f8b522a0c87f98388d7d0533fe7048d79a10325f38b5a9c1f3e54c4c838
-
SSDEEP
768:O7wHXoDClYMX6UYg2okay6kz+0TmzYJe+nxPDC0jrqVjSEd6BrQjLwnGUP5HpoDA:OwHMahf2o/BfYJZx7AMEdurKLmDiz8J
Score: 1/10