General

  • Target: 380ac3b3593ab17c1efc15396ee7c5b6_JaffaCakes118
  • Size: 7.4MB
  • Sample: 240711-g7m1zawanh
  • MD5: 380ac3b3593ab17c1efc15396ee7c5b6
  • SHA1: d1355dacab46f850607d6278fdd937228ce0c765
  • SHA256: f3ea29a2811f839ca72b82e3ccf19bdb83ec25818cbe16e61a6f2f152436a03d
  • SHA512: 24cb25bbf93e5126042cd50cda723ff48d7d395fe990d113e50df11ab88dd72e9a7a6a7c774d0c9fb5c47fd378eaff2fde5140e9d02b650a7ce04a86beae3e8f
  • SSDEEP: 196608:yuG0h/97aUNL8TRcpz4Xeq+1/XRXT8qhq:y1CVaUNwccA1R8qQ

Malware Config

Targets

    • Target: Agbot.Package/COMCTL32.OCX
    • Size: 595KB
    • MD5: 821511549e2aaf29889c7b812674d59b
    • SHA1: 3b2fd80f634a3d62277e0508bedca9aae0c5a0d6
    • SHA256: f59cdf89f0f522ce3662e09fa847bca9b277b006c415dcc0029b416c347db9c4
    • SHA512: 8b2e805b916e5fbfcccb0f4189372aea006789b3847b51018075187135e9b5db9098f704c1932623f356db0ee327e1539a9bf3729947e92844a26db46555e8cd
    • SSDEEP: 12288:LUVJnkkCKDCUUgdxxnwH8aYvR4+NyEFVUmJ8ts:QvknYJ4xEFCmuu
    Score: 1/10

    • Target: Agbot.Package/COMDLG32.OCX
    • Size: 136KB
    • MD5: 3ec0a48ed8d8a019175cfa3952ccb3b7
    • SHA1: 075ffa431a55a272c2cdfe465ac130ab654ba9e8
    • SHA256: f9ecca1f6718f7ab711e3f675dce438930079ca8649f101fb41a93d85977149d
    • SHA512: 0c51c31c0fa9d5b4909a5085bd72881c4e4867f90c0e576d5344b311f4e1d22ed7141ff359e43dcf53e8c84782bc34062c16dab04f63e73487e91b1db4cc33ca
    • SSDEEP: 3072:489tWEjIsyhCkstAxTjnRfB0//TBtJrHo6hg7lLnN6N2TRqESdX7ofr7:48TW7MAxnRfSJLopXRH6m7
    Score: 1/10

    • Target: Agbot.Package/CloseSro.bat
    • Size: 13B
    • MD5: 7553b42d48cbe0b62d19be91c479286f
    • SHA1: 1db5c561ffa885423fa8698f755a89ee629636f9
    • SHA256: a17aa516f502f7ae1b4fa03ebc140e3059be679351210c83f707d51954c12d84
    • SHA512: 85d121fd4c39e5613f55c79c7dcbfc1b6b037a99a26b8bf2f4a258c97404217be9edc45369137536d82efd5359e69a64b1af9f93507b6a91f70866cd75ebeff2
    Score: 1/10

    • Target: Agbot.Package/HackshieldStuff/HsServer/MediaPatcher.exe
    • Size: 92KB
    • MD5: a7c1d477438f54c7a14f7ef150797b1d
    • SHA1: faf280f271be4c66e0afe480259ab476ea735332
    • SHA256: 18d2ef8d1ef20c71553cb65209108e8b2edbb16020c1bc8e477f8c48459321cd
    • SHA512: 9ba81c715b792de402ecd31f63cf943033dcb91273aed08505fb09b5c61f46bc3a10afe076f8c56b58a0268eecf9fec2734e3d147664a8434d5f8da1fdb915ad
    • SSDEEP: 1536:nnST7c9m2pBWaqvNDXwqwsfnl0hG8PhU4B/orzf2d2/d/ZSoB6BHt5GuOrqSw3iP:nnSWm2ZqRwsCg8P9B/0f2d2/Hyauud6e
    Score: 7/10
    • VMProtect packed file: Detects executables packed with VMProtect commercial packer.

    • Target: Agbot.Package/HackshieldStuff/HsServer/ProjectHsBypass1.4.exe
    • Size: 176KB
    • MD5: 09889a55568567b498067851bc6e89ea
    • SHA1: 0a9be3657a72a78a73e1ecf77073d00110c3af24
    • SHA256: 0572414b6b30652cc78010b3dcaf0d8fa2c0d3b9783ed6f3131bad6c9b7bb840
    • SHA512: a4dac197ea0e6eb3b2a3f00d5c696901fecaf39cc49afd937d18229f25e52e0611a0aeaba3fb60c79af3499a557cff588dee1e4134a5db40aeb3e94c058e7731
    • SSDEEP: 3072:8d8F13nVL11y9bfkrcFMZNGE+efKrvrNW2Pt5zIuaKSOhvZaxt4gFRCFNmzYGo:hF5VL11ikrQINGE+eyrvBvdZR8xbFRgy
    Score: 7/10
    • VMProtect packed file: Detects executables packed with VMProtect commercial packer.

    • Target: jsocks.jar
    • Size: 385KB
    • MD5: 79651847128af1eef88ea606cffd4d31
    • SHA1: 20f364ccc291c07f17a558653e37e7122cce00f1
    • SHA256: ecb9d44983826e0c1184b0b5747566699963ac835bdef5bf62b3c77e56e25721
    • SHA512: 9f666e01e6c3662e1dbe6b0826801ec1a8e3b04b80120e8c02888ca3898a98cfc108dff753afc72b1a31c28f3d0230dc574642fc86ece8cd9a492127b65d68e7
    • SSDEEP: 12288:uZO9SNKhrlS6OOedCYNUF3EmqT3ESX9mlYr:uZCMK8BNUWT
    Score: 1/10

    • Target: start.bat
    • Size: 388B
    • MD5: c6171dfd929b6b760457dd1191611833
    • SHA1: a713d9dc6347a94613a0d8cbd3d949a08fe21779
    • SHA256: f3caba3083a8bc66b652065480fc1b8c25ddc80e07bd5048082d784fcc9cecc8
    • SHA512: c0346f9d1e900b47a9d6992f930edbd4203a5d5c44f43183b97e36f1bc1ea6801dedf0fbaf51583f9e1f813a0410a0661cf0e5c00da7042af02cf2488512c091
    Score: 1/10

    • Target: Agbot.Package/HackshieldStuff/edxSilkroadLoader5.exe
    • Size: 235KB
    • MD5: b3622c70e0ddf6be65977a8713180c9b
    • SHA1: 3f86b48a150c28cb640a324e8989a51d4c42ac1e
    • SHA256: c4935f03197c9b9a788a73237b2d608bf45dee67d75dbe6ef3a934f8b139e80d
    • SHA512: 26e03b28abc716bbbf87ff63c791e74220aac24067f80303591be782e9675ddd13040522335cb6f957ed8c61d0fa29a2c410abdb3e9db647b7972528e8f1b119
    • SSDEEP: 3072:qn/skB/1LasrKHVzn2uPmjkU07SRulHqcL4UE1SZNJ5uPdN:esCcz1L2u1HqQEcZNaP
    Score: 1/10

    • Target: KoreanCaptchaGenerator.exe
    • Size: 825KB
    • MD5: 36fc066f08c697a46f050c1c298f9148
    • SHA1: dbf8a50e10e1be9490a56284604b0f9e51a3faef
    • SHA256: 1891c61e38d898258a5e500fbff6982a119267b8bf7a62dc8860e100a5498a69
    • SHA512: 105f3d9fa0836e9bcae8c2a1059936af9c6f6ff64004d4ec8ddbe4f3fcac50f5c447c1a85241d55e39956bc23de71bbd1097bfea86b932ae60f0d18f93eb093e
    • SSDEEP: 3072:/x12mRWUZGb1Y8fwvN/FJ2QsfwgC5ElPj2ss7dKcoejT:umIKKY8Yh9gf2j
    Score: 1/10

    • Target: edxSilkroadDll5.dll
    • Size: 289KB
    • MD5: 51ed8a28b1da0e68c3bbcf52815e5e2f
    • SHA1: c1f42a418b2e703565f0ab9fa2e2bd7618daeb4c
    • SHA256: b755bcace4dfe31f49a202e38eed93e3200faee81c501b946cdee11302ea7500
    • SHA512: 4f11287726f3513234b822cd77a0eee625c746dc08e23f77120eed1ecacfedac60d51a27fac5b1355bfc34ab266c09b3f54521a90c225fcd0489be5b99187d4f
    • SSDEEP: 6144:qZGrCQgTD8wtm7V9TDE/2708z0cN0MKA:qIr04uS9U//8zWA
    Score: 1/10

    • Target: edxSilkroadLoader5.exe
    • Size: 235KB
    • MD5: b3622c70e0ddf6be65977a8713180c9b
    • SHA1: 3f86b48a150c28cb640a324e8989a51d4c42ac1e
    • SHA256: c4935f03197c9b9a788a73237b2d608bf45dee67d75dbe6ef3a934f8b139e80d
    • SHA512: 26e03b28abc716bbbf87ff63c791e74220aac24067f80303591be782e9675ddd13040522335cb6f957ed8c61d0fa29a2c410abdb3e9db647b7972528e8f1b119
    • SSDEEP: 3072:qn/skB/1LasrKHVzn2uPmjkU07SRulHqcL4UE1SZNJ5uPdN:esCcz1L2u1HqQEcZNaP
    Score: 1/10

    • Target: src/Common/Silkroad.cpp
    • Size: 6KB
    • MD5: 1d20c82e4d700f82d465564ebef4b86d
    • SHA1: b5231d0a698629c919ce1185f70d2983b613e4c0
    • SHA256: 3f9251f065af34cd6a65757ef46cfa13638b64cb1bfaa9c4cd08b09e48fd3657
    • SHA512: 9d3c9f589cd2f554c77a117a87ac3cde41a8c9e514dc8a972f77189de54b08fc54189772d43ab93a1c18ebd4d8164abf1cda73f8b92c77f9c0014989418b7420
    • SSDEEP: 192:fRprmpMSGvbDBof2DnW0Vjkgq+rlkeD44S4lvlUtlTQC/sV:fRprnJC6W0VHOe3bl6tyCU
    Score: 3/10

    • Target: src/Common/shared_io.cpp
    • Size: 1KB
    • MD5: 36601a3d95bb3045c8a39cbc2aebb43f
    • SHA1: 5686649713a29fc14140b24abefbcd3ca4389ea8
    • SHA256: 22e22099f91d7df0f8c1a65faec83bb0bc25b3481458cb067bc63db12393cc23
    • SHA512: 2bd5de0acf8b9f14cec859dce267bb35fec2e295d1376ec49a2fa9254fb4d615e005f16bef9c82039f408b64819b3ffa91afd37c16acfedda7471748f37b9b97
    Score: 3/10

    • Target: Agbot.Package/MSCOMCTL.OCX
    • Size: 1.0MB
    • MD5: f7bbb7d79adb9e3adc13f3b3c33d3d4d
    • SHA1: cacb4b31d22419e6a9ddbffcf61ae42da0d5fb8a
    • SHA256: 18a83d7a420a17fcb6f56eb3ba5362c975d32e5ded7553c6fd407f07bdb7b006
    • SHA512: 4870ddbdf283d7f7f64d3f4bf556600a78804f6a94fc2ca7eb778e85d70b6d2d017aa35cbddf773b6a1b6d9a2813cd67fe54ede7859050a254a3e3c05616ae0e
    • SSDEEP: 24576:mnt4M/pL1wAEIqSBanK6CC33VTj+1R8xRFLqqmbD1kWIAqPA:mPL15EIqS1e6q3FmKbt4
    Score: 1/10

    • Target: Agbot.Package/MSSTDFMT.DLL
    • Size: 122KB
    • MD5: 2a41b7be5e18e8e24783884199910efa
    • SHA1: e3ee56f36335b0e352844321380d05dea4c2178e
    • SHA256: c365e8ca5636be31a21ad207d9fb3d3c58085dc1db16e0b156e47fb4bb666567
    • SHA512: 240017dd47ab7807942a7e668461e2f190eb25f8fdd6fc57e7d13024aac5259f369a6710d2507ac04d1ad519de2592711b53df788d2d4589e20e733bbf8d697b
    • SSDEEP: 3072:55y5gIOSOlYIWXVUXfRshAcqba3qg/xvYVWI8:55y5VKltxeqbaac3
    Score: 1/10

    • Target: Agbot.Package/MSWINSCK.OCX
    • Size: 105KB
    • MD5: 9484c04258830aa3c2f2a70eb041414c
    • SHA1: b242a4fb0e9dcf14cb51dc36027baff9a79cb823
    • SHA256: bf7e47c16d7e1c0e88534f4ef95e09d0fd821ed1a06b0d95a389b35364b63ff5
    • SHA512: 9d0e9f0d88594746ba41ea4a61a53498619eda596e12d8ec37d01cfe8ceb08be13e3727c83d630a6d9e6d03066f62444bb94ea5a0d2ed9d21a270e612db532a0
    • SSDEEP: 3072:R7ZSBYfkVoFdRrqo0aRaA/HF673+UWHIfrb:RNkVsuaRaU6mHGb
    Score: 1/10

MITRE ATT&CK Enterprise v15

Tasks

  • static1 (vmprotect, upx): Score 7/10
  • behavioral1: Score 1/10
  • behavioral2: Score 1/10
  • behavioral3: Score 1/10
  • behavioral4: Score 1/10
  • behavioral5: Score 1/10
  • behavioral6: Score 1/10
  • behavioral7 (vmprotect): Score 7/10
  • behavioral8 (vmprotect): Score 7/10
  • behavioral9 (vmprotect): Score 7/10
  • behavioral10 (vmprotect): Score 7/10
  • behavioral11: Score 1/10
  • behavioral12: Score 1/10
  • behavioral13: Score 1/10
  • behavioral14: Score 1/10
  • behavioral15: Score 1/10
  • behavioral16: Score 1/10
  • behavioral17: Score 1/10
  • behavioral18: Score 1/10
  • behavioral19: Score 1/10
  • behavioral20: Score 1/10
  • behavioral21: Score 1/10
  • behavioral22: Score 1/10
  • behavioral23 (execution): Score 3/10
  • behavioral24 (execution): Score 3/10
  • behavioral25 (execution): Score 3/10
  • behavioral26 (execution): Score 3/10
  • behavioral27: Score 1/10
  • behavioral28: Score 1/10
  • behavioral29: Score 1/10
  • behavioral30: Score 1/10
  • behavioral31: Score 1/10
  • behavioral32: Score 1/10