General

  • Target

    Agama.exe

  • Size

    79.1MB

  • Sample

    231127-s1e8bshe6s

  • MD5

    25af94919854a7dae5d2ba4daadd69b4

  • SHA1

    97d1b11b345ff3c8a42b8683b4ed82c21249e8d3

  • SHA256

    b049c8e7a483dd286321778344b4501e29dbb067003a701d09f07bf3e6a1d1d2

  • SHA512

    56699d6b83a441420401d5b2689bc9908fd54e9de66fbf572976cfc4ade0ac57e5f7a6a4bcac5375d088f75d557f0e2113b4bcf024de8e868883c6fa31ee3012

  • SSDEEP

    1572864:72MmiJR5QYHJiPWSk8IpG7V+VPhqoHZE7hHp5t1WlsnghowmaOllIW3a9Fg7BPna:7ZmCxpPSkB05awoH0JjksghfxOllIaaP

Targets

    • Enumerates VirtualBox DLL files

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application
