General

  • Target

    Mega2.8.zip

  • Size

    67.7MB

  • Sample

    240308-c3gaeaeb9t

  • MD5

    e643d2f93b9249031650db188aa49099

  • SHA1

    3826739add5a3331f54d5e4ad4d1ceafe68040bd

  • SHA256

    d71024ea9726f93736b24dbf799992bb9df7cd31e3a3889982a3b63a25a8ff22

  • SHA512

    25fab004b48420845d81c60146c56c22c6e1b5ff17e58bb6a7e51e5228325cdc8de2ac6e45703a344f63a02e7eb067282531969a938224c851009b585019ac7a

  • SSDEEP

    1572864:h59dtLnzpqWs6R3QQCPQRX1gro4vmQxuLJmhUFrT:h59dtzzsf6RA3qFgrvQLJGET

Score
7/10

Targets

    • Target

      Mega2.8/MegaDownloader.exe

    • Size

      5.8MB

    • MD5

      22c2ed2828aeec50fd6dbf002c585605

    • SHA1

      77cc1af52bcf0341d2f8ba11412f193633648632

    • SHA256

      1accc9941baaa9bc9c10ec42948cceb066bb9c902cb8e33fc5a0187e0fe6357c

    • SHA512

      5f085e19ef98c17642e239752bbab04018fcf4647f9d452a0a80f039fea73d24ebeab1861b897d0a4931dc7b0a4a8b13d4316244775ffe5b756d6f13adb1caa5

    • SSDEEP

      98304:blt/CQrd9ttwvJm+BaN6tC3Lo9NdI5x/rKUjFNxvLWB:blIu9t+v0+Bqp3LONdI5NeUjFNxvLW

    Score
    7/10
    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Target

      Mega2.8/MegaVPN.exe

    • Size

      231KB

    • MD5

      5dee97f72358e995d41889a8e363291e

    • SHA1

      17e492de1365e2d145412b593a92af9709b745ab

    • SHA256

      16fd99b8e91ff7c6c7b8d73fb983f112f984ad6efa8f1ad134a5076c85119888

    • SHA512

      34e163f5c27977e44839041b2f422ba5f9f9d661eff20aee3a3b86d9b1f85ed9eb4e834a678674649dd9503e1b70cfb6dc7c33df2bd65759f123223a960cdbc0

    • SSDEEP

      1536:xeZxibGMP/Ce1Az2EV55g+38K1Az2EV55g+38tjFkus:UribGMPqCY5K+38GY5K+38dF1

    Score
    1/10

    • Target

      Mega2.8/Updater.exe

    • Size

      336KB

    • MD5

      7abf36fc62c591fd4fb62074356cd759

    • SHA1

      8d2d6b41ca0a9d47511667f25b070144565950e4

    • SHA256

      98b74e57b924cd14e41ffb4b69856e53f0845befe7bdb376a97db59ccc59ac52

    • SHA512

      5ca3f8f1e59576d244e482f0f014ebb46cfda5b5b4b1e62eab8a3f2797de733363b9e5219e8f3e5ce8e21dc2702e52c20987127f8f4213fade6e24f7908a51ac

    • SSDEEP

      3072:83CBY5K+38/Y5K+38/Y5K+38ut9tfqO9Et2Dz1:8ye5K+38g5K+38g5K+38uXZqO91P

    Score
    1/10

    • Target

      Mega2.8/pVPN.exe

    • Size

      7.5MB

    • MD5

      87baf54d2bc9f19afbe4a3c683b3b4d6

    • SHA1

      fd9992b14733430c5169527e4d1472d0884cb3e2

    • SHA256

      d50f66b377085bafc8a51e337ab74ce9993b0de131b885b89f5e145d30073bea

    • SHA512

      49c6fe978bfd553e4ae6ad118a57bf83048372ae505ef181d8cf6cee1e284d22de66915d3b1ad1a54d47a38a39356c4b86b6de2eb9b10e0c70591bf7b3b91346

    • SSDEEP

      196608:Q63Yq89bUzTQyFymEGa1fuLd9Vn6c0dXe6r:cq+oEyXEukJeW

    Score
    7/10
    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified version of it.

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port was detected to servers other than the configured DNS servers.
