General
-
Target
freeware5.0.zip
-
Size
1.5MB
-
Sample
231022-rkmf2ahd9z
-
MD5
6f7388ae739b168cbc8631c3af411e5a
-
SHA1
6c732eb9a17faf115b93aa29c5c6e48a03600f12
-
SHA256
2a3017ea0b1f5ea1219af23be207a8d52addf5cb1ed7753c24ae56f8652ff7a6
-
SHA512
f989ee12a1f6e2c64abab7df5de065fefb121df263319f7fe30b45a8c6fe15855f12267c96b82c5fde9dc24d569572e094772b9f558d5e7465b9befc65c8a2f5
-
SSDEEP
24576:xFCnXAeOF0+WGlLEA7eYZtnl5OQOGJ8orq53KFY6wMYPa/kSrAIUG4HfwWt1luBn:xhlF0QlwATZZ1X8orq5ftNPa/kSe1fw9
Behavioral task
behavioral1
Sample
Arps.vmp.exe
Resource
win10v2004-20231020-en
Behavioral task
behavioral2
Sample
Guna.UI2.dll
Resource
win10v2004-20231020-en
Behavioral task
behavioral3
Sample
Ionic.Zip.dll
Resource
win10v2004-20231020-en
Behavioral task
behavioral4
Sample
Newtonsoft.Json.dll
Resource
win10v2004-20231020-en
Behavioral task
behavioral5
Sample
SevenZip.dll
Resource
win10v2004-20231020-en
Malware Config
Targets
-
-
Target
Arps.vmp.exe
-
Size
170KB
-
MD5
fe855d9b551167430ca07a44bed155c3
-
SHA1
168cf8d463f3e243f6364e050efd102c74ac5c06
-
SHA256
65f4165373e1822e542f4fbb8c96be1bb6c977a2fa5057b229cb884b38687d75
-
SHA512
7c16eb3fa4237f924eb3378175a714c7b5c9463df9d98b09de6ec71f53491a8d26f954aac3994baea94c9a7a574115ba586548830d1058b77cd277ccdc23a96d
-
SSDEEP
3072:oR5WwF29/icf1/XMkCSNx1AQF3+/ykTmxpOFHAuH153MzSFBL:wRK1XMkCSNvA2fkTsQFPV5397
-
Executes dropped EXE
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Legitimate hosting services abused for malware hosting/C2
-
-
-
Target
Guna.UI2.dll
-
Size
2.0MB
-
MD5
f217e8054b7dbbcbd4ab10baf4750588
-
SHA1
b1c3089e6b895e6415c36beb82516746e19d2b55
-
SHA256
6a542d4e68417d91d0a21f9e5b85449959325b29e2410c3ef1df7526dd091194
-
SHA512
ba778f3c3819364954b6681bbdb87cf9ca2c34d8b0e6e76df665a2d93a94c9b421893a977960d24a908bc9b7209749fee65c930ef0776a0195265193846fe56e
-
SSDEEP
24576:d+NEfBpDsH/bTIRPZyiXeq+Tc7XRbF+TSgkrwf9Pa3oZm8jqG4LEx1npSBeX673f:dB9+OgRpUwXpUeXQq5dn
Score 1/10
-
-
Target
Ionic.Zip.dll
-
Size
451KB
-
MD5
6ded8fcbf5f1d9e422b327ca51625e24
-
SHA1
8a1140cebc39f6994eef7e8de4627fb7b72a2dd9
-
SHA256
3b3e541682e48f3fd2872f85a06278da2f3e7877ee956da89b90d732a1eaa0bd
-
SHA512
bda3a65133b7b1e2765c7d07c7da5103292b3c4c2f0673640428b3e7e8637b11539f06c330ab5d0ba6e2274bd2dcd2c50312be6579e75c4008ff5ae7dae34ce4
-
SSDEEP
6144:leSYvQAd10GtSV41OJDsTDDVUMle6ZjxLV/rHo0Oaaz2R9IY:oJBdBS4msNUCe65frHMnz2R9
Score 1/10
-
-
Target
Newtonsoft.Json.dll
-
Size
685KB
-
MD5
081d9558bbb7adce142da153b2d5577a
-
SHA1
7d0ad03fbda1c24f883116b940717e596073ae96
-
SHA256
b624949df8b0e3a6153fdfb730a7c6f4990b6592ee0d922e1788433d276610f3
-
SHA512
2fdf035661f349206f58ea1feed8805b7f9517a21f9c113e7301c69de160f184c774350a12a710046e3ff6baa37345d319b6f47fd24fbba4e042d54014bee511
-
SSDEEP
12288:U9BzaPm657wqehcZBLX+HK+kPJUQEKx07N0TCBGiBCjC0PDgM5j9FKjc3Q5:U8m657w6ZBLmkitKqBCjC0PDgM5A5
Score 1/10
-
-
Target
SevenZip.dll
-
Size
49KB
-
MD5
23ad60351e197a0f275f2fd37006897b
-
SHA1
7ceb00c938886a8752f6fcd119eeca3d326f491e
-
SHA256
3e6bc9ab18cb6a563b1245a4be83733d5212c33cbf6384bed22d20a67d6d1cc0
-
SHA512
43353174d1eaf073d6a40337f819d44c83d8762c768b4edf458364b1900957a8cc78e404019921866e04e98b6c979686d618a8b9d5b1c0d3d0d48df7eb0ed596
-
SSDEEP
1536:eOvZcZ5ltg0F1/0Gz9k+aBkUQnv8TLg0z4S9lA:eOvZcZ5J/1Rk+bF8TvhA
Score 1/10