General
-
Target
Agama.exe
-
Size
79.1MB
-
Sample
231127-s1e8bshe6s
-
MD5
25af94919854a7dae5d2ba4daadd69b4
-
SHA1
97d1b11b345ff3c8a42b8683b4ed82c21249e8d3
-
SHA256
b049c8e7a483dd286321778344b4501e29dbb067003a701d09f07bf3e6a1d1d2
-
SHA512
56699d6b83a441420401d5b2689bc9908fd54e9de66fbf572976cfc4ade0ac57e5f7a6a4bcac5375d088f75d557f0e2113b4bcf024de8e868883c6fa31ee3012
-
SSDEEP
1572864:72MmiJR5QYHJiPWSk8IpG7V+VPhqoHZE7hHp5t1WlsnghowmaOllIW3a9Fg7BPna:7ZmCxpPSkB05awoH0JjksghfxOllIaaP
Behavioral task
behavioral1
Sample
Agama.exe
Resource
win10-20231020-en
Behavioral task
behavioral2
Sample
Agama.exe
Resource
win10v2004-20231023-en
Malware Config
Targets
-
-
Target
Agama.exe
-
Size
79.1MB
-
MD5
25af94919854a7dae5d2ba4daadd69b4
-
SHA1
97d1b11b345ff3c8a42b8683b4ed82c21249e8d3
-
SHA256
b049c8e7a483dd286321778344b4501e29dbb067003a701d09f07bf3e6a1d1d2
-
SHA512
56699d6b83a441420401d5b2689bc9908fd54e9de66fbf572976cfc4ade0ac57e5f7a6a4bcac5375d088f75d557f0e2113b4bcf024de8e868883c6fa31ee3012
-
SSDEEP
1572864:72MmiJR5QYHJiPWSk8IpG7V+VPhqoHZE7hHp5t1WlsnghowmaOllIW3a9Fg7BPna:7ZmCxpPSkB05awoH0JjksghfxOllIaaP
Score9/10-
Enumerates VirtualBox DLL files
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Modify Registry
1Virtualization/Sandbox Evasion
1