General

  • Target

    Release.zip

  • Size

    905KB

  • Sample

    240725-z2rfbayajf

  • MD5

    8cbf1500e1e8167378abc9cd03073947

  • SHA1

    595768da7ec19d2c450d2a5e21e99c7724637e6e

  • SHA256

    8c59fc496f5f3747e7c379d17ca36ea959e8739738b1f2d3f327167c2bbc61ab

  • SHA512

    487f1fef2bcc4b9cb461ab6cfa63abff3c8dd6c2bd69a9092b06f79fd1a2e85176b39de430eab129ef9990a737294749329c668b80f1bb0dbe87144d93f0a2a9

  • SSDEEP

    24576:9YY9oPtsTmOXrdBDQ5mgGwZZrtadJvjZcuQiKuoZ:aGoP6/DQ53VdtSv1JhkZ

Targets

    • Target

      antagonist-external.exe

    • Size

      640KB

    • MD5

      b6217f06245d846b4b56078545941088

    • SHA1

      33bedbfb96d6c58c233f8dae490c433fb238c9c0

    • SHA256

      df5be9f91b97be253c6b4af18fbca1535eb5af207f7eb46d5f34998f2dc23da7

    • SHA512

      cb70d9f50ce70d3ac52a310a02ff35314bfa204f0b270c1f4732f6454a61b89524cb3a5eb225c2bc694e4395d9b8cd6ac61192623ca989185c053ffd648833eb

    • SSDEEP

      12288:QNtoGs4YCP3lZtgrpHh5mnAhIBeY8FKX:QboG5PXtgdHkBeY8FKX

    • Score

      1/10

    • Target

      dxwebsetup.exe

    • Size

      288KB

    • MD5

      2cbd6ad183914a0c554f0739069e77d7

    • SHA1

      7bf35f2afca666078db35ca95130beb2e3782212

    • SHA256

      2cf71d098c608c56e07f4655855a886c3102553f648df88458df616b26fd612f

    • SHA512

      ff1af2d2a883865f2412dddcd68006d1907a719fe833319c833f897c93ee750bac494c0991170dc1cf726b3f0406707daa361d06568cd610eeb4ed1d9c0fbb10

    • SSDEEP

      6144:kWK8fc2liXmrLxcdRDLiH1vVRGVOhMp421/7YQV:VcvgLARDI1KIOzO0

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

    • Target

      libcurl.dll

    • Size

      534KB

    • MD5

      6456029a2b74fedd202c4c39cb813493

    • SHA1

      65a34084f6a452c071af2b81e0479ac6465da06e

    • SHA256

      81555a354adc3e90e8810821f861c78f050dfe29758af491ba6f4f9e89ea0830

    • SHA512

      d64b8dd502e29b2853497aa06dd1f88d3fe20aadc848cc35bd59255abcd0ed6c394312d1d9fb47eca206fee8f97191414892d5b8e801b1959840f43a42b90573

    • SSDEEP

      12288:GT1KxQHJLDAVXvMcZeqqeptYOpFgVV6uQ9BkeznfT/ip0f:GhxHJLDAV0cJqepUV6uQ9BkeznfT/L

    • Score

      1/10

    • Target

      zlib1.dll

    • Size

      88KB

    • MD5

      5bd8496fd883d0ccb35cae92eb5aeff3

    • SHA1

      4186392bed2607ea54f74d579742b825ced6d331

    • SHA256

      59f8c5dad453be4bd749c47fb8f74fc40c0a2ec5ba46ca6fc96d78a9bcce8033

    • SHA512

      311d884e3f56f00db2caf7581e4fdbec341d5a21b7a0b8b75ce259e263dfae9c388d8915e4fb9a5d5e0a0ba9a1b86b8bfe704070cef6dab27e45927ca2260000

    • SSDEEP

      1536:wrCl5V5lEwda1RnSbFfbpYwayRyivl9LtKIOcIOZ7yeSOzFH80o/g:QcV5lEwUbShbpbaCpvlYSZ71SOz980j

    • Score

      1/10
