Overview

overview

7

Static

static

7

Agbot.Pack...32.dll

windows7-x64

1

Agbot.Pack...32.dll

windows10-2004-x64

1

Agbot.Pack...32.dll

windows7-x64

1

Agbot.Pack...32.dll

windows10-2004-x64

1

Agbot.Pack...ro.bat

windows7-x64

1

Agbot.Pack...ro.bat

windows10-2004-x64

1

Agbot.Pack...er.exe

windows7-x64

7

Agbot.Pack...er.exe

windows10-2004-x64

7

Agbot.Pack....4.exe

windows7-x64

7

Agbot.Pack....4.exe

windows10-2004-x64

7

jsocks.jar

windows7-x64

1

jsocks.jar

windows10-2004-x64

1

start.bat

windows7-x64

1

start.bat

windows10-2004-x64

1

Agbot.Pack...r5.exe

windows7-x64

1

Agbot.Pack...r5.exe

windows10-2004-x64

1

KoreanCapt...or.exe

windows7-x64

1

KoreanCapt...or.exe

windows10-2004-x64

1

edxSilkroadDll5.dll

windows7-x64

1

edxSilkroadDll5.dll

windows10-2004-x64

1

edxSilkroa...r5.exe

windows7-x64

1

edxSilkroa...r5.exe

windows10-2004-x64

1

src/Common...oad.js

windows7-x64

3

src/Common...oad.js

windows10-2004-x64

3

src/Common..._io.js

windows7-x64

3

src/Common..._io.js

windows10-2004-x64

3

Agbot.Pack...TL.dll

windows7-x64

1

Agbot.Pack...TL.dll

windows10-2004-x64

1

Agbot.Pack...MT.dll

windows7-x64

1

Agbot.Pack...MT.dll

windows10-2004-x64

1

Agbot.Pack...CK.dll

windows7-x64

1

Agbot.Pack...CK.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    93s
  • max time network
    97s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/07/2024, 06:26

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    Agbot.Package/HackshieldStuff/HsServer/ProjectHsBypass1.4.exe

  • Size

    176KB

  • MD5

    09889a55568567b498067851bc6e89ea

  • SHA1

    0a9be3657a72a78a73e1ecf77073d00110c3af24

  • SHA256

    0572414b6b30652cc78010b3dcaf0d8fa2c0d3b9783ed6f3131bad6c9b7bb840

  • SHA512

    a4dac197ea0e6eb3b2a3f00d5c696901fecaf39cc49afd937d18229f25e52e0611a0aeaba3fb60c79af3499a557cff588dee1e4134a5db40aeb3e94c058e7731

  • SSDEEP

    3072:8d8F13nVL11y9bfkrcFMZNGE+efKrvrNW2Pt5zIuaKSOhvZaxt4gFRCFNmzYGo:hF5VL11ikrQINGE+eyrvBvdZR8xbFRgy

Score
7/10
vmprotect

Malware Config

Signatures

  • VMProtect packed file 3 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Agbot.Package\HackshieldStuff\HsServer\ProjectHsBypass1.4.exe
    "C:\Users\Admin\AppData\Local\Temp\Agbot.Package\HackshieldStuff\HsServer\ProjectHsBypass1.4.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:5116

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/5116-0-0x0000000000400000-0x0000000000459000-memory.dmp

          Filesize

          356KB

          Download

        • memory/5116-1-0x0000000000400000-0x0000000000459000-memory.dmp

          Filesize

          356KB

          Download

        • memory/5116-5-0x0000000000400000-0x0000000000459000-memory.dmp

          Filesize

          356KB

          Download