SweatPlay[.]exe | Triage

Resubmissions

14-02-2024 17:51

240214-wflfdshc7v 7

Sharing

General

Target

SweatPlay.exe
Size

5.4MB
MD5

bc3b6e037bdc796b73739eae8aa628c0
SHA1

413599ae5ba0dc4912dc2ab65faced7bee16da1c
SHA256

f52ebb9a43f48645ec294e7e782772b12992705b2029d713722e8ec4534a4a8a
SHA512

4e3a619f8fd85f2167b88803050deda17e6bbd3b3cea27f97e0a59a87fb4ce3119acba59dffe32f269a51733b0b90dca380a0463b2333b46c2365bb7c84cecca
SSDEEP

98304:hQ1qpFRe/WHemwI41qpFRe/WHemwIuwy8/eV4dkocar7y2prw6/UzvVTBVGO88IZ:e0pFIqemwI40pFIqemwI7tY4K/cvprfr

Score

7^/10

agilenet

Malware Config

Signatures

Obfuscated with Agile.Net obfuscator 1 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

resource	yara_rule
sample	agile_net

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SweatPlay.exe

Files

SweatPlay.exe
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

J5phaoJ
Size: 157KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 5.2MB - Virtual size: 5.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dher
Size: 512B - Virtual size: 134B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.null
Size: 512B - Virtual size: 277B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ