Overview

overview

8

Static

static

7

dragent-3....ce.bat

windows7-x64

1

dragent-3....ce.bat

windows10-2004-x64

1

dragent-3....ve.bat

windows7-x64

4

dragent-3....ve.bat

windows10-2004-x64

4

dragent-3....60.exe

windows7-x64

4

dragent-3....60.exe

windows10-2004-x64

4

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...ll.exe

windows7-x64

4

$PLUGINSDI...ll.exe

windows10-2004-x64

4

$PLUGINSDI...re.dll

windows7-x64

3

$PLUGINSDI...re.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

NPFInstall.exe

windows7-x64

4

NPFInstall.exe

windows10-2004-x64

4

dragent-3....nt.bat

windows7-x64

3

dragent-3....nt.bat

windows10-2004-x64

3

dragent-3....ce.bat

windows7-x64

4

dragent-3....ce.bat

windows10-2004-x64

4

dragent-3....ce.bat

windows7-x64

8

dragent-3....ce.bat

windows10-2004-x64

8

dragent-3....mp.exe

windows7-x64

8

dragent-3....mp.exe

windows10-2004-x64

8

dragent-3....ce.bat

windows7-x64

8

dragent-3....ce.bat

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

  • Target

    ec2d9f21a9378f33da234b89a4c25fbf9cc8b7201635a2288be724daad305d16

  • Size

    1.6MB

  • MD5

    0a836269d51dec3c2ddda302bac7f1d4

  • SHA1

    1ebb4b2a287a28ba949ac9e4017571e3cb2a55bd

  • SHA256

    ec2d9f21a9378f33da234b89a4c25fbf9cc8b7201635a2288be724daad305d16

  • SHA512

    a78462522682d4258add874ad7e5dbd2aec6dc7092915b478306cdf7d739e3b85195223e695db83669ed19fcd46c0fe0e59f11df39e40d7c1cbccf84d11e9405

  • SSDEEP

    49152:MwN/P2J+sgcK4qRwh+s9YmmWtEHRxnarft3d4X:My/+Msgkq5FctEHRxul38

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • ec2d9f21a9378f33da234b89a4c25fbf9cc8b7201635a2288be724daad305d16
    .zip
  • dragent-3.1-windows/FAQ.txt
  • dragent-3.1-windows/agent.ini
  • dragent-3.1-windows/install_service.bat
  • dragent-3.1-windows/keepalive.bat
  • dragent-3.1-windows/npcap-1.60.exe
    .exe windows:4 windows x86 arch:x86

    dfb595641ed97366338a474595c7be08


    Code Sign

    Headers

    Imports

    Sections

  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86

    4b45b7e00344a87332fbd12653854d1a


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/NPFInstall.exe
    .exe windows:6 windows x86 arch:x86

    16c60e52b2d88477d6a57d25d53c5172


    Code Sign

    Headers

    Imports

    Sections

  • $PLUGINSDIR/SysRestore.dll
    .dll windows:6 windows x86 arch:x86

    aa88191a9382bec9c5b80dd5eeb8e542


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    fc0224e99e736751432961db63a41b76


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/final.ini
  • $PLUGINSDIR/nsExec.dll
    .dll windows:4 windows x86 arch:x86

    c1c7505e1e6e929ebb6b9100e55b050a


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/options.ini
  • NPFInstall.exe
    .exe windows:6 windows x86 arch:x86

    16c60e52b2d88477d6a57d25d53c5172


    Code Sign

    Headers

    Imports

    Sections

  • dragent-3.1-windows/restart_dragent.bat
  • dragent-3.1-windows/start_service.bat
  • dragent-3.1-windows/stop_service.bat
  • dragent-3.1-windows/tcpdump.exe
    .exe windows:5 windows x86 arch:x86


    Code Sign

    Headers

    Sections

  • out.upx
    .exe windows:5 windows x86 arch:x86


    Headers

    Sections

  • dragent-3.1-windows/uninstall_service.bat