General

  • Target

    freeware5.0.zip

  • Size

    1.5MB

  • Sample

    231022-rkmf2ahd9z

  • MD5

    6f7388ae739b168cbc8631c3af411e5a

  • SHA1

    6c732eb9a17faf115b93aa29c5c6e48a03600f12

  • SHA256

    2a3017ea0b1f5ea1219af23be207a8d52addf5cb1ed7753c24ae56f8652ff7a6

  • SHA512

    f989ee12a1f6e2c64abab7df5de065fefb121df263319f7fe30b45a8c6fe15855f12267c96b82c5fde9dc24d569572e094772b9f558d5e7465b9befc65c8a2f5

  • SSDEEP

    24576:xFCnXAeOF0+WGlLEA7eYZtnl5OQOGJ8orq53KFY6wMYPa/kSrAIUG4HfwWt1luBn:xhlF0QlwATZZ1X8orq5ftNPa/kSe1fw9

Score
7/10

Malware Config

Targets

    • Target

      Arps.vmp.exe

    • Size

      170KB

    • MD5

      fe855d9b551167430ca07a44bed155c3

    • SHA1

      168cf8d463f3e243f6364e050efd102c74ac5c06

    • SHA256

      65f4165373e1822e542f4fbb8c96be1bb6c977a2fa5057b229cb884b38687d75

    • SHA512

      7c16eb3fa4237f924eb3378175a714c7b5c9463df9d98b09de6ec71f53491a8d26f954aac3994baea94c9a7a574115ba586548830d1058b77cd277ccdc23a96d

    • SSDEEP

      3072:oR5WwF29/icf1/XMkCSNx1AQF3+/ykTmxpOFHAuH153MzSFBL:wRK1XMkCSNvA2fkTsQFPV5397

    Score
    7/10

    • Executes dropped EXE

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • VMProtect packed file

      Detects executables packed with the VMProtect commercial packer.

    • Legitimate hosting services abused for malware hosting/C2

    • Target

      Guna.UI2.dll

    • Size

      2.0MB

    • MD5

      f217e8054b7dbbcbd4ab10baf4750588

    • SHA1

      b1c3089e6b895e6415c36beb82516746e19d2b55

    • SHA256

      6a542d4e68417d91d0a21f9e5b85449959325b29e2410c3ef1df7526dd091194

    • SHA512

      ba778f3c3819364954b6681bbdb87cf9ca2c34d8b0e6e76df665a2d93a94c9b421893a977960d24a908bc9b7209749fee65c930ef0776a0195265193846fe56e

    • SSDEEP

      24576:d+NEfBpDsH/bTIRPZyiXeq+Tc7XRbF+TSgkrwf9Pa3oZm8jqG4LEx1npSBeX673f:dB9+OgRpUwXpUeXQq5dn

    Score
    1/10

    • Target

      Ionic.Zip.dll

    • Size

      451KB

    • MD5

      6ded8fcbf5f1d9e422b327ca51625e24

    • SHA1

      8a1140cebc39f6994eef7e8de4627fb7b72a2dd9

    • SHA256

      3b3e541682e48f3fd2872f85a06278da2f3e7877ee956da89b90d732a1eaa0bd

    • SHA512

      bda3a65133b7b1e2765c7d07c7da5103292b3c4c2f0673640428b3e7e8637b11539f06c330ab5d0ba6e2274bd2dcd2c50312be6579e75c4008ff5ae7dae34ce4

    • SSDEEP

      6144:leSYvQAd10GtSV41OJDsTDDVUMle6ZjxLV/rHo0Oaaz2R9IY:oJBdBS4msNUCe65frHMnz2R9

    Score
    1/10

    • Target

      Newtonsoft.Json.dll

    • Size

      685KB

    • MD5

      081d9558bbb7adce142da153b2d5577a

    • SHA1

      7d0ad03fbda1c24f883116b940717e596073ae96

    • SHA256

      b624949df8b0e3a6153fdfb730a7c6f4990b6592ee0d922e1788433d276610f3

    • SHA512

      2fdf035661f349206f58ea1feed8805b7f9517a21f9c113e7301c69de160f184c774350a12a710046e3ff6baa37345d319b6f47fd24fbba4e042d54014bee511

    • SSDEEP

      12288:U9BzaPm657wqehcZBLX+HK+kPJUQEKx07N0TCBGiBCjC0PDgM5j9FKjc3Q5:U8m657w6ZBLmkitKqBCjC0PDgM5A5

    Score
    1/10

    • Target

      SevenZip.dll

    • Size

      49KB

    • MD5

      23ad60351e197a0f275f2fd37006897b

    • SHA1

      7ceb00c938886a8752f6fcd119eeca3d326f491e

    • SHA256

      3e6bc9ab18cb6a563b1245a4be83733d5212c33cbf6384bed22d20a67d6d1cc0

    • SHA512

      43353174d1eaf073d6a40337f819d44c83d8762c768b4edf458364b1900957a8cc78e404019921866e04e98b6c979686d618a8b9d5b1c0d3d0d48df7eb0ed596

    • SSDEEP

      1536:eOvZcZ5ltg0F1/0Gz9k+aBkUQnv8TLg0z4S9lA:eOvZcZ5J/1Rk+bF8TvhA

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks