Overview
Task (platform): score
overview: 7
static: 7
Mega2.8/Me...er.exe (windows7-x64): 7
Mega2.8/Me...er.exe (windows10-2004-x64): 7
Mega2.8/MegaVPN.exe (windows7-x64): 1
Mega2.8/MegaVPN.exe (windows10-2004-x64): 1
Mega2.8/Updater.exe (windows7-x64): 1
Mega2.8/Updater.exe (windows10-2004-x64): 1
Mega2.8/pVPN.exe (windows7-x64): 7
Mega2.8/pVPN.exe (windows10-2004-x64): 7

General
Target: Mega2.8.zip
Size: 67.7MB
Sample: 240308-c3gaeaeb9t
MD5: e643d2f93b9249031650db188aa49099
SHA1: 3826739add5a3331f54d5e4ad4d1ceafe68040bd
SHA256: d71024ea9726f93736b24dbf799992bb9df7cd31e3a3889982a3b63a25a8ff22
SHA512: 25fab004b48420845d81c60146c56c22c6e1b5ff17e58bb6a7e51e5228325cdc8de2ac6e45703a344f63a02e7eb067282531969a938224c851009b585019ac7a
SSDEEP: 1572864:h59dtLnzpqWs6R3QQCPQRX1gro4vmQxuLJmhUFrT:h59dtzzsf6RA3qFgrvQLJGET

Behavioral tasks
behavioral1 - Sample: Mega2.8/MegaDownloader.exe - Resource: win7-20240221-en
behavioral2 - Sample: Mega2.8/MegaDownloader.exe - Resource: win10v2004-20240226-en
behavioral3 - Sample: Mega2.8/MegaVPN.exe - Resource: win7-20240220-en
behavioral4 - Sample: Mega2.8/MegaVPN.exe - Resource: win10v2004-20231215-en
behavioral5 - Sample: Mega2.8/Updater.exe - Resource: win7-20240221-en
behavioral6 - Sample: Mega2.8/Updater.exe - Resource: win10v2004-20240226-en
behavioral7 - Sample: Mega2.8/pVPN.exe - Resource: win7-20240221-en
behavioral8 - Sample: Mega2.8/pVPN.exe - Resource: win10v2004-20240226-en

Malware Config
Targets

Target: Mega2.8/MegaDownloader.exe
Size: 5.8MB
MD5: 22c2ed2828aeec50fd6dbf002c585605
SHA1: 77cc1af52bcf0341d2f8ba11412f193633648632
SHA256: 1accc9941baaa9bc9c10ec42948cceb066bb9c902cb8e33fc5a0187e0fe6357c
SHA512: 5f085e19ef98c17642e239752bbab04018fcf4647f9d452a0a80f039fea73d24ebeab1861b897d0a4931dc7b0a4a8b13d4316244775ffe5b756d6f13adb1caa5
SSDEEP: 98304:blt/CQrd9ttwvJm+BaN6tC3Lo9NdI5x/rKUjFNxvLWB:blIu9t+v0+Bqp3LONdI5NeUjFNxvLW
Score: 7/10
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

Target: Mega2.8/MegaVPN.exe
Size: 231KB
MD5: 5dee97f72358e995d41889a8e363291e
SHA1: 17e492de1365e2d145412b593a92af9709b745ab
SHA256: 16fd99b8e91ff7c6c7b8d73fb983f112f984ad6efa8f1ad134a5076c85119888
SHA512: 34e163f5c27977e44839041b2f422ba5f9f9d661eff20aee3a3b86d9b1f85ed9eb4e834a678674649dd9503e1b70cfb6dc7c33df2bd65759f123223a960cdbc0
SSDEEP: 1536:xeZxibGMP/Ce1Az2EV55g+38K1Az2EV55g+38tjFkus:UribGMPqCY5K+38GY5K+38dF1
Score: 1/10

Target: Mega2.8/Updater.exe
Size: 336KB
MD5: 7abf36fc62c591fd4fb62074356cd759
SHA1: 8d2d6b41ca0a9d47511667f25b070144565950e4
SHA256: 98b74e57b924cd14e41ffb4b69856e53f0845befe7bdb376a97db59ccc59ac52
SHA512: 5ca3f8f1e59576d244e482f0f014ebb46cfda5b5b4b1e62eab8a3f2797de733363b9e5219e8f3e5ce8e21dc2702e52c20987127f8f4213fade6e24f7908a51ac
SSDEEP: 3072:83CBY5K+38/Y5K+38/Y5K+38ut9tfqO9Et2Dz1:8ye5K+38g5K+38g5K+38uXZqO91P
Score: 1/10

Target: Mega2.8/pVPN.exe
Size: 7.5MB
MD5: 87baf54d2bc9f19afbe4a3c683b3b4d6
SHA1: fd9992b14733430c5169527e4d1472d0884cb3e2
SHA256: d50f66b377085bafc8a51e337ab74ce9993b0de131b885b89f5e145d30073bea
SHA512: 49c6fe978bfd553e4ae6ad118a57bf83048372ae505ef181d8cf6cee1e284d22de66915d3b1ad1a54d47a38a39356c4b86b6de2eb9b10e0c70591bf7b3b91346
SSDEEP: 196608:Q63Yq89bUzTQyFymEGa1fuLd9Vn6c0dXe6r:cq+oEyXEukJeW
Score: 7/10
Executes dropped EXE
Loads dropped DLL
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.