6bb1021eebd7375d2080fdc50364ee112fb99c57fad69ff2b7619330d2b86f34 | Triage

Submit
Reports

Overview

overview

Static

static

6bb1021eeb...34.exe

windows7-x64

9

6bb1021eeb...34.exe

windows10-2004-x64

9

Sharing

General

Target

6bb1021eebd7375d2080fdc50364ee112fb99c57fad69ff2b7619330d2b86f34
Size

2.6MB
Sample

240410-2z8ypagg9y
MD5

27e5fd6b179cc604a92ad40a401f4aec
SHA1

f8a7cd307bb1acfa2ed83d2c9d511bc2891b4332
SHA256

6bb1021eebd7375d2080fdc50364ee112fb99c57fad69ff2b7619330d2b86f34
SHA512

99a2c3a5696751ca1936f2333ac4eca1c3c614b8371dab9c6cf65f0c7fbdc7f2ffb19342cd2b22e99fd4e35ca6a048f4d6494ae2bcecbed639c23fc0a76d28d8
SSDEEP

49152:vCwaz70YMUaqZTbeSAmshGCOljXu0rTuEysKob19dFuAw+W7SCbcZM:nq0mLZBV+GCORXxTuEF/b1/s7ue

Score

10^/10

agilenet vmprotect

Static task

static1

6 signatures

Behavioral task

behavioral1

Sample

6bb1021eebd7375d2080fdc50364ee112fb99c57fad69ff2b7619330d2b86f34.exe

Resource

win7-20240221-en

agilenet vmprotect

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

6bb1021eebd7375d2080fdc50364ee112fb99c57fad69ff2b7619330d2b86f34.exe

Resource

win10v2004-20240226-en

agilenet vmprotect

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  6bb1021eebd7375d2080fdc50364ee112fb99c57fad69ff2b7619330d2b86f34
- Size
  
  2.6MB
- MD5
  
  27e5fd6b179cc604a92ad40a401f4aec
- SHA1
  
  f8a7cd307bb1acfa2ed83d2c9d511bc2891b4332
- SHA256
  
  6bb1021eebd7375d2080fdc50364ee112fb99c57fad69ff2b7619330d2b86f34
- SHA512
  
  99a2c3a5696751ca1936f2333ac4eca1c3c614b8371dab9c6cf65f0c7fbdc7f2ffb19342cd2b22e99fd4e35ca6a048f4d6494ae2bcecbed639c23fc0a76d28d8
- SSDEEP
  
  49152:vCwaz70YMUaqZTbeSAmshGCOljXu0rTuEysKob19dFuAw+W7SCbcZM:nq0mLZBV+GCORXxTuEF/b1/s7ue
Score

9^/10

agilenet vmprotect
- Detects executables (downlaoders) containing URLs to raw contents of a paste
- Detects executables Discord URL observed in first stage droppers
- Detects executables manipulated with Fody
- Detects executables packed with Agile.NET / CliSecure
- Detects executables packed with VMProtect.
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

agilenetvmprotect

behavioral2

agilenetvmprotect

© 2018-2024

Terms | Privacy