Analysis Overview
SHA256
5aaa80bc6f4bafdc40f59beda4af6c7075455733977153ac031c28e65307e2ef
Threat Level: Known bad
The file 2024-06-14_dd90b11f1be5fa2b5a917736df5f28a6_agent-tesla_allaple_blacknet_cobalt-strike_floxif_gandcrab_gh0st_hublo_inception_limerat_mailto_njrat_petya_rifdoor_sakula_scarhikn_trickbot_xiaoba_zloader was found to be: Known bad.
Malicious Activity Summary
Detects Reflective DLL injection artifacts
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
Detects executables manipulated with Fody
Detects Windows executables referencing non-Windows User-Agents
Detects executables containing commands for clearing Windows Event Logs
Gandcrab Payload
StormKitty payload
Detects executables embedding registry key / value combination indicative of disabling Windows Defender features
Stormkitty family
Metasploit family
Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurrency wallets, etc. Observed in information stealers
Detects executables packed with Enigma
UPX dump on OEP (original entry point)
Detects executables packed with ConfuserEx Custom; outside of GIT
Detects executables packed with ConfuserEx Mod
Detects executables packed with SmartAssembly
Unsigned PE
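As an added example that is not part of this sandbox report or its rule set, the script below shows how the static heuristics summarised above can be reproduced in a first-pass triage: it parses the PE headers to derive the "Unsigned PE" verdict from the Security data directory, scans the image for strings matching the event-log-clearing, Defender-disabling, non-Windows User-Agent and many-browsers heuristics, and checks the file's SHA256 against the hash reported on this page. The indicator strings are this example's own assumptions, not the sandbox's rule contents (the report shows N/A for every indicator), and the PE image it runs on is constructed in-line.

```python
import hashlib
import struct
import sys

# Hash reported on this page for the analysed file.
REPORTED_SHA256 = "5aaa80bc6f4bafdc40f59beda4af6c7075455733977153ac031c28e65307e2ef"

# Indicator strings are this example's own assumptions; the report lists only
# signature names and shows N/A for every indicator.
INDICATORS = {
    "event-log-clearing": [b"wevtutil cl ", b"wevtutil.exe cl ", b"Clear-EventLog"],
    "defender-disable": [b"DisableRealtimeMonitoring", b"DisableAntiSpyware",
                         b"DisableBehaviorMonitoring"],
    "non-windows-user-agent": [b"Macintosh; Intel Mac OS X", b"X11; Linux x86_64",
                               b"Linux; Android"],
    "many-browsers": [b"Chrome", b"Firefox", b"Opera", b"Brave", b"Vivaldi", b"Yandex"],
}

IMAGE_DIRECTORY_ENTRY_SECURITY = 4       # data directory index of the Authenticode blob
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002  # WIN_CERTIFICATE.wCertificateType for Authenticode


def security_directory(data):
    """Return (file_offset, size) of the Security data directory, (0, 0) when the
    directory is absent, or None when data is not a parseable PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 26 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    opt = e_lfanew + 24                      # 4-byte signature + 20-byte COFF header
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                       # PE32: directories at optional header + 96
        dirs = opt + 96
    elif magic == 0x20B:                     # PE32+: directories at optional header + 112
        dirs = opt + 112
    else:
        return None
    if dirs > len(data):
        return None
    num_dirs = struct.unpack_from("<I", data, dirs - 4)[0]   # NumberOfRvaAndSizes
    if num_dirs <= IMAGE_DIRECTORY_ENTRY_SECURITY:
        return (0, 0)
    entry = dirs + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
    if entry + 8 > len(data):
        return None
    return struct.unpack_from("<II", data, entry)  # for this directory the "RVA" is a file offset


def is_unsigned_pe(data):
    """'Unsigned PE' heuristic: no Authenticode blob is attached. A present blob is
    not a verified signature; that still needs a real Authenticode check."""
    directory = security_directory(data)
    if directory is None:
        raise ValueError("not a PE image")
    offset, size = directory
    if size < 8 or offset + size > len(data):   # absent, empty or out-of-bounds
        return True
    _length, _revision, cert_type = struct.unpack_from("<IHH", data, offset)
    return cert_type != WIN_CERT_TYPE_PKCS_SIGNED_DATA


def scan_indicators(data, min_browsers=3):
    """Map each indicator category to the strings found; the browser category
    only fires when several distinct browser names are present."""
    hits = {}
    for category, needles in INDICATORS.items():
        found = [n.decode() for n in needles if n in data]
        if category == "many-browsers":
            if len(found) >= min_browsers:
                hits[category] = found
        elif found:
            hits[category] = found
    return hits


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def triage(data, expected_sha256=REPORTED_SHA256):
    """First-pass static triage of a PE image: hash check, signature presence, strings."""
    digest = sha256_hex(data)
    return {
        "sha256": digest,
        "hash_matches_report": digest == expected_sha256.lower(),
        "unsigned_pe": is_unsigned_pe(data),
        "indicators": scan_indicators(data),
    }


def build_pe32(strings=b"", signed=False):
    """Construct a minimal PE32 image (constructed test data, not a real sample)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                          # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 0xE0, 0x0102)  # i386, 224-byte optional header
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                            # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                              # NumberOfRvaAndSizes
    header_len = len(dos) + 4 + len(coff) + len(opt)
    body = bytes(strings)
    if signed:   # append a stub WIN_CERTIFICATE and point the Security directory at it
        cert = struct.pack("<IHH", 24, 0x0200, WIN_CERT_TYPE_PKCS_SIGNED_DATA) + b"\0" * 16
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                         header_len + len(body), len(cert))
        body += cert
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + body


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            print(triage(f.read()))
    else:
        sample = build_pe32(b"wevtutil cl Security\0Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7)\0"
                            b"Chrome\0Firefox\0Opera\0")
        print(triage(sample))
```

The "Unsigned PE" check only tests for the presence of an Authenticode blob; a present signature still has to be verified (for example with signtool or Get-AuthenticodeSignature) before it means anything. A sample packed with UPX, Enigma or ConfuserEx, as several of the signatures above report, will usually hide these strings until it is unpacked, so string hits are an early signal rather than a verdict.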
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-14 08:53
Signatures
Detects Reflective DLL injection artifacts
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Detects Windows executables referencing non-Windows User-Agents
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Detects executables containing commands for clearing Windows Event Logs
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Detects executables embedding registry key / value combination indicative of disabling Windows Defender features
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Detects executables manipulated with Fody
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Detects executables packed with ConfuserEx Custom; outside of GIT
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Detects executables packed with ConfuserEx Mod
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Detects executables packed with Enigma
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Detects executables packed with SmartAssembly
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurrency wallets, etc. Observed in information stealers
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Gandcrab Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Metasploit family
StormKitty payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Stormkitty family
UPX dump on OEP (original entry point)
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-14 08:53
Reported
2024-06-14 08:53
Platform
win7-20240221-en
Max time kernel
0s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-14_dd90b11f1be5fa2b5a917736df5f28a6_agent-tesla_allaple_blacknet_cobalt-strike_floxif_gandcr.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-14_dd90b11f1be5fa2b5a917736df5f28a6_agent-tesla_allaple_blacknet_cobalt-strike_floxif_gandcr.exe"
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-14 08:53
Reported
2024-06-14 08:53
Platform
win10v2004-20240508-en
Max time kernel
0s
Max time network
1s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-14_dd90b11f1be5fa2b5a917736df5f28a6_agent-tesla_allaple_blacknet_cobalt-strike_floxif_gandcr.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-14_dd90b11f1be5fa2b5a917736df5f28a6_agent-tesla_allaple_blacknet_cobalt-strike_floxif_gandcr.exe"