General
Target: Protect.rar
Size: 2.9MB
Sample: 240524-szj5wsba73
MD5: 3b2cbe7b708cc29f9bd6131bb5f713f7
SHA1: 748d27ad13d0216f924735317be579ff7adcaa20
SHA256: 1d8c80f52a16666330f204788cc9eb42d0439a4ff81ae39ffdf3ad3103751366
SHA512: 3565f70813adbfb06226a26ecd66fb068c03b7a17565bafa5ef507ca49a839d6cff053a682ce27eab25b9a817e5b794bd25dac2b31172b7e8708679eec1f2303
SSDEEP: 49152:I5Bdkfblp10z/MDhhEEJrneobhInah3edweoDfkOJxm/zDrTUwjzNpOBOzm0:I5BslPKMDhhrVnNS0ew5Ds3zDUwPjOM3
Behavioral tasks
behavioral1: Sample Protect.rar, Resource win7-20240419-en
behavioral2: Sample Protect.rar, Resource win10v2004-20240508-en
behavioral3: Sample Protect/CodeEncryption.dll, Resource win7-20231129-en
behavioral4: Sample Protect/CodeEncryption.dll, Resource win10v2004-20240226-en
behavioral5: Sample Protect/Core.dll, Resource win7-20240221-en
behavioral6: Sample Protect/Core.dll, Resource win10v2004-20240426-en
behavioral7: Sample Protect/Core.dll.config, Resource win7-20240508-en
behavioral8: Sample Protect/Core.dll.config, Resource win10v2004-20240508-en
behavioral9: Sample Protect/Custom.txt, Resource win7-20240508-en
behavioral10: Sample Protect/Custom.txt, Resource win10v2004-20240426-en
behavioral11: Sample Protect/Guna.UI2.dll, Resource win7-20240419-en
behavioral12: Sample Protect/Guna.UI2.dll, Resource win10v2004-20240508-en
behavioral13: Sample Protect/Hardening.dll, Resource win7-20240220-en
behavioral14: Sample Protect/Hardening.dll, Resource win10v2004-20240508-en
behavioral15: Sample Protect/Hardening.dll.config, Resource win7-20240215-en
behavioral16: Sample Protect/Hardening.dll.config, Resource win10v2004-20240226-en
behavioral17: Sample Protect/Runtime.dll, Resource win7-20240221-en
behavioral18: Sample Protect/Runtime.dll, Resource win10v2004-20240508-en
behavioral19: Sample Protect/SECURE BYTE GUI.exe.config, Resource win7-20231129-en
behavioral20: Sample Protect/SECURE BYTE GUI.exe.config, Resource win10v2004-20240426-en
behavioral21: Sample Protect/Saved.txt, Resource win7-20240508-en
behavioral22: Sample Protect/Saved.txt, Resource win10v2004-20240508-en
behavioral23: Sample Protect/VMUtils.dll, Resource win7-20240221-en
behavioral24: Sample Protect/VMUtils.dll, Resource win10v2004-20240426-en
behavioral25: Sample Protect/Webhook.txt, Resource win7-20240215-en
behavioral26: Sample Protect/Webhook.txt, Resource win10v2004-20240508-en
behavioral27: Sample Protect/bimno1-JIT.exe, Resource win7-20240508-en
behavioral28: Sample Protect/bimno1-JIT.exe, Resource win10v2004-20240426-en
behavioral29: Sample Protect/dnlib.dll, Resource win7-20240221-en
behavioral30: Sample Protect/dnlib.dll, Resource win10v2004-20240508-en
behavioral31: Sample Protect/dnlib.xml, Resource win7-20240221-en
behavioral32: Sample Protect/dnlib.xml, Resource win10v2004-20240226-en
Malware Config
Targets

Target: Protect.rar
Size: 2.9MB
MD5: 3b2cbe7b708cc29f9bd6131bb5f713f7
SHA1: 748d27ad13d0216f924735317be579ff7adcaa20
SHA256: 1d8c80f52a16666330f204788cc9eb42d0439a4ff81ae39ffdf3ad3103751366
SHA512: 3565f70813adbfb06226a26ecd66fb068c03b7a17565bafa5ef507ca49a839d6cff053a682ce27eab25b9a817e5b794bd25dac2b31172b7e8708679eec1f2303
SSDEEP: 49152:I5Bdkfblp10z/MDhhEEJrneobhInah3edweoDfkOJxm/zDrTUwjzNpOBOzm0:I5BslPKMDhhrVnNS0ew5Ds3zDUwPjOM3
Score: 3/10

Target: Protect/CodeEncryption.dll
Size: 6KB
MD5: 1b00d472d9eb115ae1596e8cc531bde8
SHA1: 102273fea413961e9b9d95ec738530829050ee2b
SHA256: 39713a232bb83cf4a1484e81122e721853c1d8e0c6afbf8933b632763edaef09
SHA512: ea1d15327c6e52a40b321b30bb4b4f760e58713d73a670c9462ebd5c8da2411fb0d6016687fb969d05051227f7972cc3d3c0196c142729598843d394b5d96eb5
SSDEEP: 96:C1x3zZJmALlpSPt9Slu+7k02jPZLYJ+YmPTkhKWOu78zE/:iRm0bRkDjJIhKWj78Q/
Score: 1/10

Target: Protect/Core.dll
Size: 314KB
MD5: fe11aaa70f1e043c753c7306653e1cec
SHA1: 54bce571e79d34f7c5affcad16854a4ecf5730a2
SHA256: ae9ec9fa90a899125772e208f08f1f3b10db87626ee8e83e46d64ab2e4c672c0
SHA512: 5f1325912ae8b0a8adefaef12ee65270c003fd82f56187240bb455b9e69d9ff1e022272d14284642d07cd54717dbfb24ec147e49ab132ff6ceacba8be9b1884d
SSDEEP: 6144:1BfrFM68H+zqPnWZPmC9UV/WkKu+3DuYVqVXP+JtLMJs:1BfyyqPn+UVWkKLDjoVXP+r
Score: 1/10
Target: Protect/Core.dll.config
Size: 420B
MD5: e3d2741928e80b1c896e9cd0c89eb905
SHA1: 2e47a6ab3ec84d7b7ccfa52f4da45df456e421fe
SHA256: 4cfa2763c40c898330415a35407ec494bd139422f9b01bd0045ba787d149e40a
SHA512: 1a442ad424d5e258414ab4b8e4e223d54f356f786ae12e4ccdbe4acdade72bb4f33a6e26bb2e77584ab4dbc71e0c116865f33f99f676b43d9ea1247c30685924
Score: 3/10

Target: Protect/Custom.txt
Size: 6B
MD5: 77d4f35d1d9a17a5503b51b5a150e897
SHA1: 85fe58af866686ca2932c6fcb2808beb00e0f1d5
SHA256: 0507c9fc0c92e98858ad4b93e4e8f2e131f7ee8e705673c78a0701b962463a9c
SHA512: 80dbd56996fc9103397d8b3dfabdf436eac29ba242e2c65b16ef0d7ddf3cdee51785893c5042dac8f6719b347d9863c7a0560d25380f043ae2563c86c55f8df4
Score: 1/10

Target: Protect/Guna.UI2.dll
Size: 2.1MB
MD5: 278752062981db6fe27ba55f5099b8ae
SHA1: 8446637986cf4a24e9135ee5c54f3170600e1e83
SHA256: 538e6ca6001d609e251f88243409a2cbc9bc0517751843e76485a2c335e7829b
SHA512: 142ff82ca90ca63a6a854e866615d742b585c102e8c4de5c773edeb1ac30c2cc2f6bcb190da394e4aadb4ef9518d194d99904463d6e952170d2924b16fcb00a5
SSDEEP: 49152:PQNztBO2+VN7N3HtnPhx70ZO4+CPXOn5PThDH2TBeHjvjiBckFjvkoEFB:PAhck1
Score: 1/10

Target: Protect/Hardening.dll
Size: 30KB
MD5: e77b47a6fd55eaabd9f4ed5bc9290408
SHA1: f761f8521d6fafaeeca76f80bf6ea4b4b4ffd39a
SHA256: baf1502b89b002095c249c8660fc0cf432b5718f13c554b6628057d04c619b0b
SHA512: 38833e914270c401c5aef7f0fc3981b0eebd3a8735ceac4ca489ff674efe8c15df4891f021c0652f38fa6faf69b65c031bc964006756b9fcb805dd4888b2b48e
SSDEEP: 384:H5/uQkzHPTbPnvPcFWWgrVVBfl3zDRDzAHby+WXk/5X/oNqJ6SvDJKHUCTjpIFFW:Z/IYFWWcdFzRUbPBXA4R0jeBsSCkOv
Score: 1/10
Target: Protect/Hardening.dll.config
Size: 693B
MD5: 7cffc162b332913310f09a9c3691f42b
SHA1: 1dd4c4ade0e15ed4e64ca978a988f44718cc2eec
SHA256: 04a8623c12ab0ed3704d8bf59adf492e7eef4e1848a3cbf76ea33ef866e1bc37
SHA512: 6d1721f771f6374f2e9ed820a53f1904e8c79bfa4c817bab1f6626fc1995d17c114cc891a0d18bf13dce03386373e98544230d8b36bfdf9fbea53d0c6d567f8f
Score: 3/10

Target: Protect/Runtime.dll
Size: 24KB
MD5: b3961dc1d59bea84865aef7334e4624e
SHA1: 82cbb364f6061c34fb922b7dee9194146a249e83
SHA256: fbed8fa972010fe09bae30f92b6fb1b872a4291da8e6a71b82d7e968467e2212
SHA512: 8b0b96008fba174c34f4dea99017cb17f25ecd1ad16a91c8c8074b7e151270f976761854adb5c5dbf480133763043e0134d9fbe8d76cce7f60b3e83351023215
SSDEEP: 384:7POagYLG/eB5OezkmTRGVVVVG93UnUWn/Tk991DhuRxgDVwwBEH:DOK77k8h93rT91YRxKwpH
Score: 1/10

Target: Protect/SECURE BYTE GUI.exe.config
Size: 532B
MD5: 9fca48d74c2f1f8ae46c270c7a9fb5dc
SHA1: 91b4d72dba8e0e1ee533c56b6962b5a9acdc02cc
SHA256: 9c57e0aa56a2e086a674c39080765b349c7ffbccd8ec77c4e30c8cc8e3588260
SHA512: 5d09fec5ad0e64b1e95ba61c666eea4ab05f062fef2922ffb48764a71d584f7aa19a9ccec9b1f4901315f18930022545270cd214fd4330e74396d4ea3ce931e8
Score: 3/10

Target: Protect/Saved.txt
Size: 565B
MD5: 701d7e12a9c8c5b6b6a9da85374f3374
SHA1: 8e2b7375e9c94075092928bc9d31d19190348271
SHA256: 24db43e0c9a5169f1cf19beefbf5c39da0cb641f3a985e03d03f2fdcc1b93892
SHA512: e0d8cbdc77dc61a637dc9d59e9f7532578f9751af709bc3c3f8eae4dea297159cf49d51430a1bab460e9aaa49906c94bcf67464252964cc65870b981f9aefcd1
Score: 1/10
Target: Protect/VMUtils.dll
Size: 4KB
MD5: 673d2f5daa3363a3b5f6c4db2ff2c693
SHA1: e47cc6f683af6434c168c41f6da2d93cd74035c9
SHA256: 1d51cd7d1e42ade90d836da74eb1f172e49d6e9cc8b16855fbbdd0d1ff8aa8c8
SHA512: 96c7d17485db28df771350dd5fbaba8be062a3eb4b50b936ac21030fc8cbf223612b4558dc2c0608f11532bef0bdaca4afa691729eace90b0c27bd6eaa73bd6e
Score: 1/10

Target: Protect/Webhook.txt
Size: 124B
MD5: b58e50429077fe682b07c7b3e64bb3fd
SHA1: cc762ec39281c7a7c4f865ad013c874f70934c1d
SHA256: 93c539de495b393440bb1f3f36cf1f843872a99694292997fe1a57f7c1e4ece0
SHA512: 7206dc0986f6d4d452345561183208f9a3913895c8178f8abb23128747fa4a284e94a1eecd313764ccbfb4df41c72681471f269c1b361cdf5f4fe8c4671dfe09
Score: 1/10

Target: Protect/bimno1-JIT.exe
Size: 3.5MB
MD5: 9fcdeaa7788f4594d0f99939aa68e889
SHA1: c463364816644fb51c54f863e4385dd9780783a7
SHA256: 5a2d9d0d5355cc4e7190fcc65456a2463e9f70ea80401e94cf167dd313751c08
SHA512: a5c10f86ee9c132c3379952673706f21b121cb8877ef0a4c50bee8adf1eec4762bd1de7f9231974e985118b5c94cb6106758ecd27b4dd94a7d13118b47631e65
SSDEEP: 49152:ChnD+vBJKn2KGPwWMF3jr4Bou1JM7XNUPP:ChnKZBwWMFzr4BlJM7XN
Signatures:
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Looks for VirtualBox Guest Additions in registry
- Looks for VMware Tools registry key
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Maps connected drives based on registry: Disk information is often read in order to detect sandboxing environments.
Target: Protect/dnlib.dll
Size: 1.1MB
MD5: 3d913aab7b1c514502c6a232e37d470e
SHA1: 28ac2d1519ec5ea58b81fe40777645acc043b349
SHA256: bdb84aa16678189510def7c589851f6ea15e60ff977ea4c7c8c156504e6ac0ff
SHA512: 311e8f73c52dd65cbaf9f6e008b3231090ea99edf3471bac63cca4156a37a0d874ac590b19c01b15e05345bb6a5b636a11698bbd4e88c59c138dd3f358800027
SSDEEP: 24576:2gW20arTgWkk7z2B3Kqwf11Ot9Awr89Iv7f+NGGL:XC3o4swrY
Score: 1/10

Target: Protect/dnlib.xml
Size: 1.8MB
MD5: 4f66f6d14a67bbd0f70012557d88d17b
SHA1: d378a9d3fefa6b152c571471c0f137f10fff3151
SHA256: f453807c0866bdb424541c9297a4c55107143c0103cb84f23d070044f62b7273
SHA512: 4ee56fd74dbbcaf4ba0ba41a10c4c88bde0d12b2a01afab71017acc1b604658ed9f64b03a0a0876d295c3591ff000f0fd75cdf622612027bd8860d811e6e7b34
SSDEEP: 6144:VTA+Hp1CIPAqPFgrOLkOXhR+y+cNUaOtCW5n:dp1CIPAqPFgrO7XhR+y+cNUaOtCW5n
Score: 1/10