46e1f4257b5fbfbfbdcdb11eeafa0b91893385cf28972eb672ffc9fe906175ab

Resubmissions

28-07-2024 17:32

240728-v397layfmg 7

28-07-2024 17:11

240728-vqcqkayakd 7

11-07-2024 10:44

240711-mstg4avhlf 7

Sharing

Copy URL

Twitter E-mail

General

Target

SecuriteInfo.com.Trojan-Dropper.Win64.Agentb.aa.4220.26436.exe
Size

71.7MB
Sample

240728-v397layfmg
MD5

9e6ba754b50c865d54a69075a65620ae
SHA1

03f37194ead49ac842139e4a1c108bfc7663e6d7
SHA256

46e1f4257b5fbfbfbdcdb11eeafa0b91893385cf28972eb672ffc9fe906175ab
SHA512

23ce5afccb68f8b19e33f71ffa15bc62ee74d456bea6362a9a18bed5222225ea668ff929a7bb4625801432b76b3f8fef0c29eff940b4ab81f3a3dd9889e43651
SSDEEP

1572864:Sjdd8sMGv6fdWfu7QcQx4wFnrUY2asfgEdjrFQcIubVxqGZ6c7:O8sHSFiquBFwL9gujRQcFTL6c7

Score

7^/10

discovery execution

Malware Config

Targets

- Target
  
  SecuriteInfo.com.Trojan-Dropper.Win64.Agentb.aa.4220.26436.exe
- Size
  
  71.7MB
- MD5
  
  9e6ba754b50c865d54a69075a65620ae
- SHA1
  
  03f37194ead49ac842139e4a1c108bfc7663e6d7
- SHA256
  
  46e1f4257b5fbfbfbdcdb11eeafa0b91893385cf28972eb672ffc9fe906175ab
- SHA512
  
  23ce5afccb68f8b19e33f71ffa15bc62ee74d456bea6362a9a18bed5222225ea668ff929a7bb4625801432b76b3f8fef0c29eff940b4ab81f3a3dd9889e43651
- SSDEEP
  
  1572864:Sjdd8sMGv6fdWfu7QcQx4wFnrUY2asfgEdjrFQcIubVxqGZ6c7:O8sHSFiquBFwL9gujRQcFTL6c7
Score

7^/10

discovery execution
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/StdUtils.dll
- Size
  
  100KB
- MD5
  
  c6a6e03f77c313b267498515488c5740
- SHA1
  
  3d49fc2784b9450962ed6b82b46e9c3c957d7c15
- SHA256
  
  b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
- SHA512
  
  9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
- SSDEEP
  
  3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  0d7ad4f45dc6f5aa87f606d0331c6901
- SHA1
  
  48df0911f0484cbe2a8cdd5362140b63c41ee457
- SHA256
  
  3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
- SHA512
  
  c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
- SSDEEP
  
  192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  Installer.exe
- Size
  
  152.8MB
- MD5
  
  fda6602339a82085bb78a3b5342d699d
- SHA1
  
  8d819ae678d45c0c7c096d1fde2462c68eea8a56
- SHA256
  
  ad285800d276e0aaa1c9810d54429352214d0c8b219ac7da2bb646953b112fcd
- SHA512
  
  6015ec2ce05dd551e2267417111610dc982e7270542dcaed6f44acbb6245b7d7c239196c853a3763e7acaaa9a158244dde43cd1065c4a4e4be1505b6aa869a2c
- SSDEEP
  
  1572864:yLBZB52nvuZ7wVuMbgR7Sp6kYdEctmhoLsPagBsgkx52HYhwj+vfIBUdoJnP9Dj0:yypCmJctBjj2+Jv
Score

7^/10

execution
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral7 behavioral8
- Target
  
  LICENSES.chromium.html
- Size
  
  7.9MB
- MD5
  
  312446edf757f7e92aad311f625cef2a
- SHA1
  
  91102d30d5abcfa7b6ec732e3682fb9c77279ba3
- SHA256
  
  c2656201ac86438d062673771e33e44d6d5e97670c3160e0de1cb0bd5fbbae9b
- SHA512
  
  dce01f2448a49a0e6f08bbde6570f76a87dcc81179bb51d5e2642ad033ee81ae3996800363826a65485ab79085572bbace51409ae7102ed1a12df65018676333
- SSDEEP
  
  24576:dbTy6TU675kfWScRQfJw91SmfJB6i6e6R626X8HHdE/pG6:tygpj
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  d3dcompiler_47.dll
- Size
  
  4.7MB
- MD5
  
  2191e768cc2e19009dad20dc999135a3
- SHA1
  
  f49a46ba0e954e657aaed1c9019a53d194272b6a
- SHA256
  
  7353f25dc5cf84d09894e3e0461cef0e56799adbc617fce37620ca67240b547d
- SHA512
  
  5adcb00162f284c16ec78016d301fc11559dd0a781ffbeff822db22efbed168b11d7e5586ea82388e9503b0c7d3740cf2a08e243877f5319202491c8a641c970
- SSDEEP
  
  49152:KCZnRO4XyM53Rkq4ypQqdoRpmruVNYvkaRwvhiD0N+YEzI4og/RfzHLeHTRhFRNc:xG2QCwmHPnog/pzHAo/A6l
Score

1^/10
behavioral11
- Target
  
  ffmpeg.dll
- Size
  
  2.7MB
- MD5
  
  e096c168b79a56ded0df1aa142d9f1da
- SHA1
  
  318f20dab294a315bd935160e9417fb5b28300f5
- SHA256
  
  65cc75329d17ec264e7a2db571ea55f918394241445ea64569a56c75d0cfdc60
- SHA512
  
  3dccf6ce85ef7e75690a5851642f10bb5e6e1572e91e933bacb7fcbfe405b0412b94ba0e160c3ba8d68d2b9afc1da268f61c83dccd6453d8c9470931ee900bfd
- SSDEEP
  
  49152:YGJO72cNsdMZWfAn1fdmZMOqcQrGhjUHgNxGUwSCmmfYDJGz5SN3lzl3hSKqH:Jj8n1QqGCmmfIUz59t
Score

1^/10
behavioral12 behavioral13
- Target
  
  libEGL.dll
- Size
  
  470KB
- MD5
  
  1eecfb04c4434f5a813c8f0c0c8f2c88
- SHA1
  
  6dc3ca4b3f72e7fb33ba26fa488de323edb59add
- SHA256
  
  897ceb95fb164640ddd2426673997b5f6fc2619fd916b038b575a70a0682a706
- SHA512
  
  d7818a42a76508ac3150aea8d4e168b2db36f55f71983a177002086380a82e307624cfe37b01ffc3d7eb407485d182654d0d7c6a0c06ccaae60666630469c7e0
- SSDEEP
  
  6144:F9L2FFtoVsruIzUEzUST6uHKw+BubaOQ74PlqF8:F9CGafznzUSTRY70I
Score

1^/10
behavioral14 behavioral15
- Target
  
  libGLESv2.dll
- Size
  
  7.3MB
- MD5
  
  cba2436016f7a2838588a52d5b6f30f1
- SHA1
  
  81ddf44b3e122dfbee1a2cd8d4544364f1a621a4
- SHA256
  
  bcb3a3d2fca3c33fa3d1d5dc976aa913cdc8001df8e64c2cd3d2c545245141bf
- SHA512
  
  d92a880b5f83c5ae10ae9a83e38a293bb0e8c7659dd6ece162fc752d57c9fcde8036b81b023cd9f0f4f32b95b06fd4c366e20301010354b6cb904398a3149a44
- SSDEEP
  
  98304:U8qvGdDtslh+LD3ZDWfnSvBSDU5bPm3k89Ld3gsOMt/:JD3ZXJ7bPWLWsD/
Score

1^/10
behavioral16 behavioral17
- Target
  
  locales/af.pak
- Size
  
  368KB
- MD5
  
  7e51349edc7e6aed122bfa00970fab80
- SHA1
  
  eb6df68501ecce2090e1af5837b5f15ac3a775eb
- SHA256
  
  f528e698b164283872f76df2233a47d7d41e1aba980ce39f6b078e577fd14c97
- SHA512
  
  69da19053eb95eef7ab2a2d3f52ca765777bdf976e5862e8cebbaa1d1ce84a7743f50695a3e82a296b2f610475abb256844b6b9eb7a23a60b4a9fc4eae40346d
- SSDEEP
  
  6144:ebGJWQdLX/Wi6fR9a5DhZ2FQPnUGSBhjA636Zi2Jyn9Ybt5KXpgmLwSVxJsVxSjf:6GJW2bOi6fRmZ2OPnUThjA636Zi2Jynd
Score

3^/10

execution
behavioral18 behavioral19
- Target
  
  locales/uk.pak
- Size
  
  688KB
- MD5
  
  ee70e9f3557b9c8c67bfb8dfcb51384d
- SHA1
  
  fc4dfc35cde1a00f97eefe5e0a2b9b9c0149751e
- SHA256
  
  54324671a161f6d67c790bfd29349db2e2d21f5012dc97e891f8f5268bdf7e22
- SHA512
  
  f4e1da71cb0485851e8ebcd5d5cf971961737ad238353453db938b4a82a68a6bbaf3de7553f0ff1f915a0e6640a3e54f5368d9154b0a4ad38e439f5808c05b9f
- SSDEEP
  
  12288:wrccq9nty/KiDswU1nbx05kB3IjUUmEg5KuoLNiXElqnOyh:HGX35EEK
Score

3^/10

execution
behavioral20 behavioral21
- Target
  
  resources/elevate.exe
- Size
  
  105KB
- MD5
  
  792b92c8ad13c46f27c7ced0810694df
- SHA1
  
  d8d449b92de20a57df722df46435ba4553ecc802
- SHA256
  
  9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
- SHA512
  
  6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40
- SSDEEP
  
  3072:1bLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWl:1PrwRhte1XsE1l
Score

3^/10

discovery
behavioral22 behavioral23
- Target
  
  vk_swiftshader.dll
- Size
  
  5.1MB
- MD5
  
  524b0d85d992f86a7f26c162f3dbb91c
- SHA1
  
  bc9c862fd01f6134a0514dcb63f9fab7a61ce269
- SHA256
  
  5b2ffb78fa963f2dea5a7fcf7676fc3aba243c4372d7528c8f1fc8f726d0a3fa
- SHA512
  
  422a18af294d7551224e05f5f4f5dcfa51b3455c2e61fc285fd2b95b50274eb77ff317647e17b0e7d47459b4fed19c7c88c90e0878f2269a78d598b1196401d8
- SSDEEP
  
  98304:RKJSTu+985EkjstvgsnpkkHF3y/AFIB7:RQq85EkjstvgsnpkkJETB
Score

1^/10
behavioral24 behavioral25
- Target
  
  vulkan-1.dll
- Size
  
  906KB
- MD5
  
  6d4adf9a48dbce2e480ef10b1338ca3c
- SHA1
  
  ceb77d5768c6eda84ec8e0b43821b8027764de81
- SHA256
  
  4cca7e6c05b2d988926e4b4d0c8ff91d6356f18de8bf40b440251180e5cad6a7
- SHA512
  
  106db7309b40afabb1cca911b204c83129683dc116aec198568c4228c581bf0de5963bffc0b50df8f43ec355264f271fc383f4155be45350c0d7dd429c7f7f09
- SSDEEP
  
  24576:IEW7F7IyaHx/fempu2e6Z5WODYsHh6g3P0zAk7o:e7IyaBfempa6Z5WODYsHh6g3P0zAk7
Score

1^/10
behavioral26 behavioral27
- Target
  
  $PLUGINSDIR/nsis7z.dll
- Size
  
  424KB
- MD5
  
  80e44ce4895304c6a3a831310fbf8cd0
- SHA1
  
  36bd49ae21c460be5753a904b4501f1abca53508
- SHA256
  
  b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
- SHA512
  
  c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df
- SSDEEP
  
  6144:aUWQQ5O3fz0NG3ucDaEUTWfk+ZA0NrCL/k+uyoyBOX1okfW7w+Pfzqibckl:an5QEG39fPAkrE4yrBOXDfaNbck
Score

3^/10

discovery
behavioral28 behavioral29

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Executes dropped EXE

Loads dropped DLL

Looks up external IP address via web service

Loads dropped DLL

Looks up external IP address via web service

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29