Overview

overview

7

Static

static

7

FRPFILE AI....8.exe

windows7-x64

7

FRPFILE AI....8.exe

windows10-2004-x64

7

FRPFILE AI...IO.dll

windows7-x64

1

FRPFILE AI...IO.dll

windows10-2004-x64

1

FRPFILE AI...bypass

macos-10.15-amd64

1

FRPFILE AI...ypass1

macos-10.15-amd64

1

FRPFILE AI...ypass2

macos-10.15-amd64

4

FRPFILE AI.../erase

macos-10.15-amd64

1

FRPFILE AI...se.dll

macos-10.15-amd64

4

FRPFILE AI...estart

macos-10.15-amd64

1

FRPFILE AI...f/lzma

macos-10.15-amd64

1

FRPFILE AI...ileact

ubuntu-18.04-amd64

1

FRPFILE AI...ileact

debian-9-armhf

1

FRPFILE AI...ileact

debian-9-mips

FRPFILE AI...ileact

debian-9-mipsel

FRPFILE AI...ct1247

ubuntu-18.04-amd64

6

FRPFILE AI...ct1247

debian-9-armhf

1

FRPFILE AI...ct1247

debian-9-mips

FRPFILE AI...ct1247

debian-9-mipsel

FRPFILE AI...f/mon2

macos-10.15-amd64

4

FRPFILE AI...plutil

macos-10.15-amd64

1

FRPFILE AI....dylib

macos-10.15-amd64

4

FRPFILE AI...32.dll

windows7-x64

1

FRPFILE AI...32.dll

windows10-2004-x64

1

FRPFILE AI...32.dll

windows7-x64

1

FRPFILE AI...32.dll

windows10-2004-x64

1

FRPFILE AI...z2.dll

windows7-x64

1

FRPFILE AI...z2.dll

windows10-2004-x64

1

FRPFILE AI...pt.dll

windows7-x64

1

FRPFILE AI...pt.dll

windows10-2004-x64

1

FRPFILE AI...id.exe

windows7-x64

1

FRPFILE AI...id.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    FRPFILE AIO v2.8.4.zip

  • Size

    32.4MB

  • Sample

    240505-bxc55adf27

  • MD5

    cb3aab20a139e7e2004240176888ccc0

  • SHA1

    bd72469c3cab7a819d91091db0fd2a1a69e1b6d0

  • SHA256

    ca1abc263018dd7ec1ef25ef7874167445bfa64d50a549b36624d3d679f597e4

  • SHA512

    f2a30ecd44f3b865e95c5c8f7ac9de009a31f8e9e7697259336ebe226106af7c12bcaba0d4f0e28efe24bf5d9f1ed96addf2cf960aa2f0a8a8501c470f0c6aa6

  • SSDEEP

    786432:mdcHpQia31NFsw8bbOJIr4P0OCU5J1bI7bQ1OoxiMRlTvx2vLOQnnAF3K:kcBaqf09P5s7N+/R1vx2vLOquK

Score
7/10
agilenetevasionlinuxmacos

Malware Config

Targets

    • Target

      FRPFILE AIO v2.8.4/FRPFILE AIO v2.8.exe

    • Size

      3.6MB

    • MD5

      35a75ac8ad394a1baf1f3f6ac2345c20

    • SHA1

      004ebce7f5de3f7011d70d5228d9d42c5adde083

    • SHA256

      9810adae2ead6fdcbb3560f8eb4eb4ae2e41ba3757fb5afbabcf9426f2b7f72d

    • SHA512

      ddaab8467833a46a605ac1873ad89cb0ea2517138edb4556bba3a1cd9919ce709a5ea481f27afce9913908f87255b3f4863601aafd0c11ed669a617219251305

    • SSDEEP

      49152:odzejqO7IbIwWAKlALzIq242Z3DdYc5lICecVVrFA/lvRJyNczzldX4ti4F7yqun:o9e2UlAYq2J3D5Vec/poRU4PXQ1FeqE

    Score
    7/10
    agilenet

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

      agilenet
    behavioral1behavioral2

    • Target

      FRPFILE AIO v2.8.4/FRPFILE AIO.dll

    • Size

      49KB

    • MD5

      4c1dc2e54d54a30d913dc88c140cd1b0

    • SHA1

      17b18c01e300e53e043cbff8ddc170a405399e5d

    • SHA256

      c46d8d477f27de3a9929bee43d6d4584a91ff90b04461b7bd4c294612f26d8ea

    • SHA512

      27ab12de4c96355026b459654733a70efd219fcfbf7cfde7ffd5febb2b0e7e32434d7d1c0db59d9f338c4693254bd410ec78d3bc103f97ad321e1b50580ce711

    • SSDEEP

      768:CTCG2GGdMpZwbYuxjjxLeT/bSuU289E5K7FIrwFOlYIYmzmp3OWa:C/xZGYOe89E/lpzmhO3

    Score
    1/10
    behavioral3behavioral4

    • Target

      FRPFILE AIO v2.8.4/ref/bypass

    • Size

      2.2MB

    • MD5

      0ce80c2aa45ca582e85456f39ca00551

    • SHA1

      852d4177f477e24b7e558578503d29150ffce418

    • SHA256

      794a1f8111f997d650883be1770122b0c48069942ace014c05fcb922d6186d55

    • SHA512

      63994af2cdb0072c3cd2df62376b95d2c601c7e2c1550c3f1cdbf55efe718ab3061ae3e043f5d211bda5801fe986d15143a4433a78c58901a5cecd8ff3081d2a

    • SSDEEP

      49152:kUOewCj9La78cTBNqVM2m/r4NyOfSvothpD:kUOuakw3Op

    Score
    1/10
    behavioral5

    • Target

      FRPFILE AIO v2.8.4/ref/bypass1

    • Size

      2.1MB

    • MD5

      c502aa632abc8a8b6b85ed1548490240

    • SHA1

      84d110088c06be51e043d74df20169e815d98e9c

    • SHA256

      2454be8c9efb99ee556902fe08cbd8693f263e2d3b9dd4e51e07db58bda20a39

    • SHA512

      98c34e0e57d01298b198232ec49ea364aacc4d13445aa38c3e80fc9b7a0ab5005f247ba1f457181ace0ab0ad391f39881689fa64165ae1cf7b2e63af70987b36

    • SSDEEP

      49152:T52Rwnd0t3hntT2IfOvLxKhpkAvhGluyQruPzEpM0:TYphtTX/xv4oVruw

    Score
    1/10
    behavioral6

    • Target

      FRPFILE AIO v2.8.4/ref/bypass2

    • Size

      2.1MB

    • MD5

      8109027e2e0dca054df8a64c0ea8505a

    • SHA1

      fab593e11358b5b474f8ddb190ac0799b7154f3e

    • SHA256

      6bb4bad2cafaad5720abbf3c33407d0e2c253e559cafb9db0b3117eeca013284

    • SHA512

      e2927d53dac4e134ad41de5dbf763a146c29f18ba5ea6db08a61917da51ef4449a668fc9e7f60167139c076fd02863168e06342e238541b9cc60ad38b01722c2

    • SSDEEP

      49152:oTude2nIVTdigkh8JQtLN5eNR/Oi7GqVuBluoiFOGN:oMhDt3ezdG/luQG

    Score
    4/10
    evasion
    behavioral7

    • Target

      FRPFILE AIO v2.8.4/ref/erase

    • Size

      154KB

    • MD5

      eb25a410c931afdff391b3ae293fdcab

    • SHA1

      5f9b5f35248fd44d766cdc1fc159e3602c688e9f

    • SHA256

      edd498043f90b544126ae925e7835660e5c3ffdf236973ff6e7709d7d900c50e

    • SHA512

      f75570a646bcc592c96383647e2c4eef322dfd5db95bb268341c37e2003f5012064393e0b678ac20aba214ae0432d59634f9976b6f2a337094741aedf1ebabbd

    • SSDEEP

      3072:fXplbFI6BrXTBCx0bwuaz0WrstZdPy+YhyCu+Hij:frV+Q3k+

    Score
    1/10
    behavioral8

    • Target

      FRPFILE AIO v2.8.4/ref/erase.dll

    • Size

      138KB

    • MD5

      9849ef9b005b43d8189eb6e6b3d3a076

    • SHA1

      3285e7815b4b7d19425141efee53abf30a761727

    • SHA256

      7900b24d80fbdc23fb5bc2cdfb30ecce2ec8404e59834208dd2c3be2af939955

    • SHA512

      edd5ac104098b57cce3a4cc32667be4d0fe8c6afa416b45ce2119fbab566f074bbebf7de3e334cd430b7460c49e6cb50593b512247c23b1e1b7b3e9d6a6fbd11

    • SSDEEP

      3072:vrPXsOzUFmD22iPbvC4VW+Hf0YEiXnXpOu:vr/sO4FmD22

    Score
    4/10
    evasion
    behavioral9

    • Target

      FRPFILE AIO v2.8.4/ref/ldrestart

    • Size

      51KB

    • MD5

      31d67ef520e4faa7dc4960ff39d0e9cf

    • SHA1

      bd53fbde0482f4905b9d22aee6de6ce86ec1ce3b

    • SHA256

      abb37cdd47abd9983faf2450f880804e4b552f5daab05bb9be12cd710b6a0aa5

    • SHA512

      a31cfc34e43575fd224f496a507f6470f84492e37942f573c85ae6b780f26895062f6e1f4bf7dbd549450250a5104622f0fd18f5ae9b20b15e907a045026ffe6

    • SSDEEP

      96:g9DAw+aKxDzB5ZP5QlMg8g3fUSZKHG63xOZnvCykvKrI3wIDIyfjfAUPTg:Iuz15k/vV6wZvCykefufLF

    Score
    1/10
    behavioral10

    • Target

      FRPFILE AIO v2.8.4/ref/lzma

    • Size

      153KB

    • MD5

      99be12646dce14cc28f7b22b46b796b7

    • SHA1

      91892a979f668d544c504fe694c59f1df1584b06

    • SHA256

      629b0189c42cb8875724206658896818699fefbf8364be1aab3a9ff9369f74db

    • SHA512

      46fc128fd4fbc4cb5f3d4d0fa3c47df142d448840f254eaa3eb750790a21ef6c08fc81007f161b57d170068a643d65d9e55809e8a8f3cdf03f309e78863bc360

    • SSDEEP

      3072:pyxEQY9uipHo62ilWwQ9u5K14xiDc/nKRj7HB7hZkB5UTa:467uipIxmWwQ9h1yiDc/ykBi

    Score
    1/10
    behavioral11

    • Target

      FRPFILE AIO v2.8.4/ref/mobileact

    • Size

      336B

    • MD5

      1d230a5f233f232a9763e3593998bed2

    • SHA1

      c7a0e46ce67fcc18baf1288167102d9de69d4caa

    • SHA256

      2c1f5583ee872d69d2393f0b1379e6af524fca9b2a66d2e3585cbbb80ade7e6c

    • SHA512

      ae3e937b5d2be75c3c3615fc56db8212c31e5984378a63536994a2123f7b2ec129d2b2a43c78d2eade7ea015ad8eb857016223e6abc8cf43928ff0738db26b75

    Score
    1/10
    behavioral12behavioral13behavioral14behavioral15

    • Target

      FRPFILE AIO v2.8.4/ref/mobileact1247

    • Size

      406B

    • MD5

      e081ef6ebf41b991575561ae9d9aded2

    • SHA1

      203c9e335c9dde271fd5817043da1165e6b0113e

    • SHA256

      ac551e69e727cbed0c273605c2b088021a4381ec8b8d902ec6ff42c0c2316999

    • SHA512

      e3c9cf7b71ddc7c29ecd40a36fee0fa6a512d06416b7d8ff449e782cd797e2bedf1c756e972d3da992fcb661c77b83f8e0d298dee3b33da82933c44f39cefd44

    Score
    6/10

    • Enumerates running processes

      Discovers information about currently running processes on the system

    behavioral16behavioral17behavioral18behavioral19

    • Target

      FRPFILE AIO v2.8.4/ref/mon2

    • Size

      153KB

    • MD5

      99be12646dce14cc28f7b22b46b796b7

    • SHA1

      91892a979f668d544c504fe694c59f1df1584b06

    • SHA256

      629b0189c42cb8875724206658896818699fefbf8364be1aab3a9ff9369f74db

    • SHA512

      46fc128fd4fbc4cb5f3d4d0fa3c47df142d448840f254eaa3eb750790a21ef6c08fc81007f161b57d170068a643d65d9e55809e8a8f3cdf03f309e78863bc360

    • SSDEEP

      3072:pyxEQY9uipHo62ilWwQ9u5K14xiDc/nKRj7HB7hZkB5UTa:467uipIxmWwQ9h1yiDc/ykBi

    Score
    4/10
    evasion
    behavioral20

    • Target

      FRPFILE AIO v2.8.4/ref/plutil

    • Size

      141KB

    • MD5

      1aec5358ca4cd37561b36b27f47ad121

    • SHA1

      f3331a70172da038ac82506e407c472e3b7815b3

    • SHA256

      06a34463a82c9444df7c4cae46174bb9a34d2fa7d92cc807928e544c4cd02efb

    • SHA512

      110c9431b10bed3ad71a311d84ccd253f51ef5cb4526e8ffadf54f152597e292e1f79612dcbe86df7642641bd297be04de4c55d8d13cf9d6d9b83d822efc96a1

    • SSDEEP

      3072:zXZBMbqcduT8q6kKWyyWnf7ClG3nvIETVG:jbvAdkJ/Wnf7QQ

    Score
    1/10
    behavioral21

    • Target

      FRPFILE AIO v2.8.4/ref/untethered.dylib

    • Size

      103KB

    • MD5

      4c74e73b260d5cd4cfa98b5990efa90a

    • SHA1

      666f143bc76564dfa7824a6b5dbd9825bc18b7d5

    • SHA256

      020f88e5bd33816dcdd234b2005f1106bf6df8ae4a93f8124c0832090be44d02

    • SHA512

      ee0f135c1367298708f5126d97539e36183f808a9109e85c487a31271700fdfa1704f69dd970927f1152508c5a6aa1c33924ee3f68ad9ed678cc619e71456a96

    • SSDEEP

      384:rE5guSXnx6xbEaMKUcjDRnTbwwpGY08znqA7sb9asW022WDg0wwq:rq2gwwpGZ8zzww

    Score
    4/10
    evasion
    behavioral22

    • Target

      FRPFILE AIO v2.8.4/ref/win-x64/LIBEAY32.dll

    • Size

      2.2MB

    • MD5

      eca62bd2ae016ad0fc919403ddf2f17c

    • SHA1

      862b1dbb22b4bcdfe2a20e23955fb8c14c5674e9

    • SHA256

      a66435e4be0175f0820903ffb97b7a9cb2f0eb7cf5f44a8b73c7aa41897610d8

    • SHA512

      d931c68c6bd9a5f85d1ed3917d33e9bbf31d765f90187833bd9473cf7b820a2c97ef6fc496fa1656b65293f09f291b1948bcbfe001b6b22e89320a3e2afc3fa0

    • SSDEEP

      49152:1Gtlq6VVwASOr08S6dVkvgmn++B3VzqbBgp/M+9Ah4Wfu4IU6i0uqvpPPLx6bR:20+Bmn+sv7pH+7qvprx6bR

    Score
    1/10
    behavioral23behavioral24

    • Target

      FRPFILE AIO v2.8.4/ref/win-x64/SSLEAY32.dll

    • Size

      355KB

    • MD5

      9110a3151c2ed87b61750e07f5a07f27

    • SHA1

      ca98def897d89dc7d1bde6661f670de85f68b3c3

    • SHA256

      84c643e9e16b9d67621b31e0d9e2e957502e4508e31566b4cce075dcf5d3bfee

    • SHA512

      6529c6afc25ed253f9ce083a8721ad49c9405fa244bdb802cfca1eee94dd4a6d1ab9bbfb960dff1185a12fbca8c1d2d444290db08eaf2477cccbd78d59a0aabb

    • SSDEEP

      6144:WEQ6HnUhZKB5ce3C8kztP0BFoY/JmCZEVoLTQcs4NMuDyOtGEYRtYv6euT5sYBg9:WEhUhZKB5ce3fkzd0BFoY/JmCKa3QcsK

    Score
    1/10
    behavioral25behavioral26

    • Target

      FRPFILE AIO v2.8.4/ref/win-x64/bz2.dll

    • Size

      73KB

    • MD5

      9c6726f8962022e6ba776c984c4e2704

    • SHA1

      5e7a563c0462de462a69bd7351b852ab6de7e921

    • SHA256

      ddfafc5fad33635ef84b679b4fb7191ace66d0db60948a4f01aacd7e92ce12be

    • SHA512

      9c1f54acd71b0ea46286d2f30946d2674a2027612fdad6918f1e75fd0baa8226d58e3adc24ac09e093c25826e78699b623c9aed8917c77f96d5a7f5d615d0b3e

    • SSDEEP

      1536:mQd7nQFDKehZdbIQpwbvI3+MDyBOrY/2zQnebI5GjAXkLapWNiRU7oZm9yBOr6/H:mQytIQpwbvI3+MDyBOrY/2zQnebI5Gj9

    Score
    1/10
    behavioral27behavioral28

    • Target

      FRPFILE AIO v2.8.4/ref/win-x64/getopt.dll

    • Size

      19KB

    • MD5

      3c38201a1354890260a5c3af942d1929

    • SHA1

      eaf9a4203b884b5d41d38184f4e45fe415558ed3

    • SHA256

      b3ba9b3f5a55df4faa3df841d7124fc929f6fb28a33d153aeea85fa0416c00bd

    • SHA512

      9cdaf01bc090a30196faa7c38cf8a1b4c4c0ceb2a7750e45de3f762aff3c980b045c4a229dbcf2b745e7816dfeb838e896db900adfccb4ebe5ec98915dee2b34

    • SSDEEP

      384:MmXNDYkWMu59bX1nOvbGaGgU2oRCTGONnc:Rqtv1KqaHowx

    Score
    1/10
    behavioral29behavioral30

    • Target

      FRPFILE AIO v2.8.4/ref/win-x64/idevice_id.exe

    • Size

      13KB

    • MD5

      523ee43c4d817b428c04ab14ea6ab6ef

    • SHA1

      54376dcc9ee76335572c39cc51df24b54d73eaf8

    • SHA256

      1c79e0bc0f02dc089db588e6d775a69d3761f53cebdb80d306b2758a6e87baff

    • SHA512

      274a50b113408ff466301fe5cacf7e4fa7a17030f1a939ec6e400b7fc4013a9dfce5cb740ea0f260705da352003113ebf0308c32be788c4eb50672f1b55c997d

    • SSDEEP

      192:3Ofe9eK19P8tE6CGHN6SLOKJVSCkeKqYL7JVcsQ5tfuXU/:3Ge959PCNCsLXsT/VmsJ

    Score
    1/10
    behavioral31behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

4
T1564

Resource Forking

4
T1564.009

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

agilenet
Score
7/10

behavioral1

agilenet
Score
7/10

behavioral2

agilenet
Score
7/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

evasion
Score
4/10

behavioral8

Score
1/10

behavioral9

evasion
Score
4/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
6/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

evasion
Score
4/10

behavioral21

Score
1/10

behavioral22

evasion
Score
4/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10