Behavioral task: behavioral1
Sample: a8370defd90c3d549ca6aef693897f26d1c84983009034d5e13fddee284fa287.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: a8370defd90c3d549ca6aef693897f26d1c84983009034d5e13fddee284fa287.exe
Resource: win10v2004-20240419-en
General
- Target: a8370defd90c3d549ca6aef693897f26d1c84983009034d5e13fddee284fa287.zip
- Size: 5.3MB
- MD5: 492074e6d71cbe4c08c5e3d4451e43f6
- SHA1: 5aec8b6b03e9990d580009f3eefc9995c25e8562
- SHA256: 9f8f0f6c917038c7df3ba438e2800558e3a936cfb1cceb3bce68b28d80f26fd1
- SHA512: f721dad9111f12eb9d15f2fd10ef87643017a9b2c92edd45fbe591ef0f250882067e0f788d99a2eba9e27acb9c719d0607a05a51d62481ec9539b825cd5503cd
- SSDEEP: 98304:8LwNo7ZPpWYGkNx1WF/7IME4+kGrqhhhpOUWhX9pGGhgnPCNSo4XHFMwjBK5/:8LwNuYDkNx8FzFOkIWhh0UG916nPC94u
Malware Config
Signatures
- Obfuscated with Agile.Net obfuscator (1 IoC)
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  Resource: static1/unpack001/a8370defd90c3d549ca6aef693897f26d1c84983009034d5e13fddee284fa287
  YARA rule: agile_net
- Detect suspicious telegram bot (1 IoC)
  Detects a suspicious Telegram bot.
  Resource: static1/unpack001/a8370defd90c3d549ca6aef693897f26d1c84983009034d5e13fddee284fa287
  YARA rule: suspicious_telegram_bot
- Unsigned PE (1 IoC)
  Checks for a missing Authenticode signature.
  Resource: unpack001/a8370defd90c3d549ca6aef693897f26d1c84983009034d5e13fddee284fa287
Files
- a8370defd90c3d549ca6aef693897f26d1c84983009034d5e13fddee284fa287.zip.zip (Password: infected)
- a8370defd90c3d549ca6aef693897f26d1c84983009034d5e13fddee284fa287.exe (Password: infected)
  Type: windows:4 windows x86 arch:x86
  f34d5f2d4577ed6d9ceec516c1f5a744
Headers
- DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_NO_SEH, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
- File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
- Imports: mscoree (_CorExeMain)

Sections
- .text (Size: 5.3MB, Virtual size: 5.3MB): IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
- .rsrc (Size: 46KB, Virtual size: 45KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .reloc (Size: 512B, Virtual size: 12B): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ