General

  • Target

    S-400 .Cracked By LMJ.rar

  • Size

    10.2MB

  • Sample

    240907-qk2qaawdmj

  • MD5

    40ec42776d20ddf033c96cdce5726812

  • SHA1

    d104f876c7ced7e8eb2fb6fe079af73f6f002a97

  • SHA256

    498df8057ccd98b0cc7b47fb53276fb2cf040d5f745c6138d4b574df620e7ce2

  • SHA512

    4708394c61820076d085480c94263ed577d5c528f2454b421829940c95c3fc88fd0a891979f30fdbac8bef1810fee22c1c02e7c96fe110c91d32585febe17f0b

  • SSDEEP

    196608:uXQ6Six3oz37XVk6zP8+ADo9msQ/UjzTVSrvtJgOlq+Q8fjLwylzeiWR:MVeLXVLrSooNMfTgrFbq+QGgy4xR

Score
10/10

Malware Config

Targets

    • Target

      Thanks For Purchase/S-400 [EXTRACT]/S-400 RAT v3.0.exe

    • Size

      10.7MB

    • MD5

      a39a575da05f3dddeda3508b992f41ee

    • SHA1

      1cfb7c32b81d22d6bded1bcfe07e6b86769df7f0

    • SHA256

      69d72335bc69e00572e589826b8b8bcce4596df75c6f8ceae6f1c6745af3ef95

    • SHA512

      2bae0dcbeb9f28c2f20ad5e5103eaf4d6824d4a7f33f59e57f9ac151c898089f919c6e5ef980a56d4025ee32812ce985be0b3d7799ca72f1851caffae749683a

    • SSDEEP

      98304:/WZ2Pm4Jyohom4JyP0H0ouruYXn6bX2gso4TQqW0KRXdLbnm4Jy:/Wkv/hivDpbXxCQqWlPX

    Score
    10/10

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as real-time monitoring, Block at First Sight, etc.

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

MITRE ATT&CK Enterprise v15

Tasks