Analysis
- max time kernel: 130s
- max time network: 135s
- platform: windows7_x64
- resource: win7-20230831-en
- resource tags: arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
- submitted: 11/10/2023, 09:49
Behavioral task
behavioral1
Sample
ASM-Guard/ASM.Guard.2.9.1.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
ASM-Guard/ASM.Guard.2.9.1.exe
Resource
win10v2004-20230915-en
Behavioral task
behavioral3
Sample
AsStrongAsFuck/AsStrongAsFuck.exe
Resource
win7-20230831-en
Behavioral task
behavioral4
Sample
AsStrongAsFuck/AsStrongAsFuck.exe
Resource
win10v2004-20230915-en
Behavioral task
behavioral5
Sample
AsStrongAsFuck/dnlib.dll
Resource
win7-20230831-en
Behavioral task
behavioral6
Sample
AsStrongAsFuck/dnlib.dll
Resource
win10v2004-20230915-en
Behavioral task
behavioral7
Sample
CryptoObfuscator/CryptoObfuscator.exe
Resource
win7-20230831-en
Behavioral task
behavioral8
Sample
CryptoObfuscator/CryptoObfuscator.exe
Resource
win10v2004-20230915-en
Behavioral task
behavioral9
Sample
DotNetPatcher4.6.6.7/DotNetPatcher.exe
Resource
win7-20230831-en
Behavioral task
behavioral10
Sample
DotNetPatcher4.6.6.7/DotNetPatcher.exe
Resource
win10v2004-20230915-en
Behavioral task
behavioral11
Sample
DotNetPatcher4.6.6.7/Helper.dll
Resource
win7-20230831-en
Behavioral task
behavioral12
Sample
DotNetPatcher4.6.6.7/Helper.dll
Resource
win10v2004-20230915-en
Behavioral task
behavioral13
Sample
DotNetPatcher4.6.6.7/Implementer.dll
Resource
win7-20230831-en
Behavioral task
behavioral14
Sample
DotNetPatcher4.6.6.7/Implementer.dll
Resource
win10v2004-20230915-en
Behavioral task
behavioral15
Sample
DotNetPatcher4.6.6.7/Injections.dll
Resource
win7-20230831-en
Behavioral task
behavioral16
Sample
DotNetPatcher4.6.6.7/Injections.dll
Resource
win10v2004-20230915-en
Behavioral task
behavioral17
Sample
DotNetPatcher4.6.6.7/LoginTheme.dll
Resource
win7-20230831-en
Behavioral task
behavioral18
Sample
DotNetPatcher4.6.6.7/LoginTheme.dll
Resource
win10v2004-20230915-en
Behavioral task
behavioral19
Sample
DotNetPatcher4.6.6.7/Mono.Cecil.Rocks.dll
Resource
win7-20230831-en
Behavioral task
behavioral20
Sample
DotNetPatcher4.6.6.7/Mono.Cecil.Rocks.dll
Resource
win10v2004-20230915-en
Behavioral task
behavioral21
Sample
DotNetPatcher4.6.6.7/Mono.Cecil.dll
Resource
win7-20230831-en
Behavioral task
behavioral22
Sample
DotNetPatcher4.6.6.7/Mono.Cecil.dll
Resource
win10v2004-20230915-en
Behavioral task
behavioral23
Sample
DotNetPatcher4.6.6.7/SevenzipLib.dll
Resource
win7-20230831-en
Behavioral task
behavioral24
Sample
DotNetPatcher4.6.6.7/SevenzipLib.dll
Resource
win10v2004-20230915-en
Behavioral task
behavioral25
Sample
DotNetPatcher4.6.6.7/Vestris.ResourceLib.dll
Resource
win7-20230831-en
Behavioral task
behavioral26
Sample
DotNetPatcher4.6.6.7/Vestris.ResourceLib.dll
Resource
win10v2004-20230915-en
Behavioral task
behavioral27
Sample
DotNetPatcher4.6.6.7/dnlib.dll
Resource
win7-20230831-en
Behavioral task
behavioral28
Sample
DotNetPatcher4.6.6.7/dnlib.dll
Resource
win10v2004-20230915-en
Behavioral task
behavioral29
Sample
NET Reactor v6.9.0.0_fu11/Help/License Agreement.html
Resource
win7-20230831-en
Behavioral task
behavioral30
Sample
NET Reactor v6.9.0.0_fu11/Help/License Agreement.html
Resource
win10v2004-20230915-en
Behavioral task
behavioral31
Sample
NET Reactor v6.9.0.0_fu11/Help/REACTOR_HELP.exe
Resource
win7-20230831-en
Behavioral task
behavioral32
Sample
NET Reactor v6.9.0.0_fu11/Help/REACTOR_HELP.exe
Resource
win10v2004-20230915-en
General
- Target: DotNetPatcher4.6.6.7/DotNetPatcher.exe
- Size: 499KB
- MD5: a4c26f2c2b4c04d4d8ad1cef64704939
- SHA1: 03c6d3a510ad90a39def29b28750a9b2e2d61f31
- SHA256: 9cfb8ebc4ea1d8b1250d3d7f555251a3513207bfbf4aa59335dafed311fbf8fe
- SHA512: ea7098a5588f13b60adda5421902ee76612113092244f0ba384a7719eeb816c5b4f147e70b5b9ca407eba82f089f147fbca2b3de7e456a14b1deb174664e65e7
- SSDEEP: 3072:msroeFMlyJ5i/aHqWQ7NxR6jjM55FkSozVqT4OSdf8EYJvr72rsUaqT4OSdf8EYV:JQ7NxRdAaUnwO
Malware Config
Signatures
- Obfuscated with Agile.Net obfuscator (2 IoCs)
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  resource: behavioral9/memory/2724-3-0x000000001A860000-0x000000001A916000-memory.dmp, yara_rule: agile_net
  resource: behavioral9/memory/2724-4-0x0000000000360000-0x00000000003E0000-memory.dmp, yara_rule: agile_net