6a3c5364c921e44dcf927fce156f5eee024eda0645437b598418fd64f3be54d0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

AGBrowserInstall.exe
Size

386KB
Sample

240109-j1l67sbahk
MD5

20f27e622f0d298cd7af8c9a91ea7b71
SHA1

87aaa3444c7c43e415e6a1fa92bdfd9e5e863359
SHA256

6a3c5364c921e44dcf927fce156f5eee024eda0645437b598418fd64f3be54d0
SHA512

d0c4ea21b2a85bc53ed44449abaabc51b7c611ab24ed8c00110fcfae2c921ff44b5b480fcc47c863cc03f3fc05cdfb1560e37ec85132cdaae3a638ce154d22ef
SSDEEP

12288:ts9R4MNho+qARzl+7LHcXwdBYVUPVBvh:ts9R4MJqKj3VUPVBvh

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://github.com/KaladinDMP/AGBrowser/raw/main/ARMGDDNBrowser.zip.001

Targets

- Target
  
  AGBrowserInstall.exe
- Size
  
  386KB
- MD5
  
  20f27e622f0d298cd7af8c9a91ea7b71
- SHA1
  
  87aaa3444c7c43e415e6a1fa92bdfd9e5e863359
- SHA256
  
  6a3c5364c921e44dcf927fce156f5eee024eda0645437b598418fd64f3be54d0
- SHA512
  
  d0c4ea21b2a85bc53ed44449abaabc51b7c611ab24ed8c00110fcfae2c921ff44b5b480fcc47c863cc03f3fc05cdfb1560e37ec85132cdaae3a638ce154d22ef
- SSDEEP
  
  12288:ts9R4MNho+qARzl+7LHcXwdBYVUPVBvh:ts9R4MJqKj3VUPVBvh
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2