1f62b8e0d6b7340c7b9d82153c69006ab446b29df4e0ca4df44e9b850a8367ef

Sharing

Copy URL

Twitter E-mail

General

Target

Mega2.7.zip
Size

65.5MB
Sample

240922-v46wka1fnc
MD5

90e951865f805bee7e41b4dcdcbe21d6
SHA1

91956612a4c3d100b7fe0b949e12b14c70b07c9e
SHA256

1f62b8e0d6b7340c7b9d82153c69006ab446b29df4e0ca4df44e9b850a8367ef
SHA512

d9d02ec78b5bd60bb92c1903f650a18390ba51382cf215aa57f4d0f806093e47fb3495e9a64a78bacbdf2f2f7abbbaed38a780f20e8187d40abbabb1d7dd10f6
SSDEEP

1572864:Akrj2adnuY4ERGl/NOC5Dvyd//74W5eBJO3Qmd7S8D:bldnT3RGl1b5D874tMAyb

Score

7^/10

agilenet upx

Malware Config

Targets

- Target
  
  MegaDownloader.exe
- Size
  
  5.8MB
- MD5
  
  159ec5b2998e5b7c030860c5810926b8
- SHA1
  
  ed26fbc1f348222347bff125a2869051a1b80703
- SHA256
  
  f1d28cf27891791b0b8f45612642be6ff62da691d726e23802c0471364251b89
- SHA512
  
  a8006271f35141dc9c2c39f9ad364e283e4dcdd032a86539a3e5685dacf1e1c51cd7104402d74df0b44b65c516e0b7d1236516dbc53d172c769f96de583e7126
- SSDEEP
  
  98304:AbW/CQrd9ttwvJm+BaN6tC3Lo9NdD5x/rKUjFNxvLWB:Abvu9t+v0+Bqp3LONdD5NeUjFNxvLW
Score

7^/10

agilenet
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
behavioral1 behavioral2
- Target
  
  MegaVPN.exe
- Size
  
  231KB
- MD5
  
  ba1a3c2720f6e18edd51fbfae8b1d929
- SHA1
  
  6afeb3ad6c46df7de16b9bf64d7a961bd40b3be3
- SHA256
  
  2875813b92678b25d009bd15d8e4f13179c52678ac7d50364700e92d53e76239
- SHA512
  
  dac8936923395befd3cbc750c50a856401e6b77d872c38cae13ba24dba149fd94a1380cf33f033c003b61f48d7ad68558f8f671d7e6ab27ee77285a3c606ea72
- SSDEEP
  
  1536:FeZxibGMPOCe1Az2EV55g+38K1Az2EV55g+38tOFkus:wribGMP5CY5K+38GY5K+38QF1
Score

1^/10
behavioral3 behavioral4
- Target
  
  Microsoft.Win32.Primitives.dll
- Size
  
  22KB
- MD5
  
  9e12d3a3500f09d1ded5fe6830e4f8db
- SHA1
  
  afa308c0166d8cbdd1d5e6fdaa8c9b87eb9184e7
- SHA256
  
  e281d04d35118b7f3a2406014333e0581b74ea4b62f4f2388ad3ad8b32223c83
- SHA512
  
  459c90a4942b6014ec90a311c7ae45370e0d49ca4be3961570a2f50d340637ade1b6def90aa4722a91e3cedb0d14e5f8802c02745e72c5bcf705ac6499ae396e
- SSDEEP
  
  384:ybha4YH9Whs3W2W/Z3WUQ7q0GftpBjcERHRN7DlJrv:ybwJ+EieEBHb
Score

1^/10
behavioral5 behavioral6
- Target
  
  Newtonsoft.Json.dll
- Size
  
  679KB
- MD5
  
  916d32b899f1bc23b209648d007b99fd
- SHA1
  
  e3673d05d46f29e68241d4536bddf18cdd0a913d
- SHA256
  
  72cf291d4bab0edd08a9b07c6173e1e7ad1abb7ab727fd7044bf6305d7515661
- SHA512
  
  60bd2693daa42637f8ae6d6460c3013c87f46f28e9b0dbf9d7f6764703b904a7c8c22e30b4ba13f1f23f6cbee7d9640ee3821c48110e67440f237c2bb2ee5eb6
- SSDEEP
  
  12288:1eos/POdGV5jfWrV/9Yeh9eRcyLfLYtT5mWxTZ/B7jW5JMtRRpKzQk:10/POdGV5jfW5VnhFyvOB7jW5JMty
Score

1^/10
behavioral7 behavioral8
- Target
  
  ObjectListView.dll
- Size
  
  417KB
- MD5
  
  17c2c609a19272baf4dd006bad1b2453
- SHA1
  
  64d90f05fa2a2b8fb46d75497f02a12dbad580e6
- SHA256
  
  cdc41a79d711fcc36e97911f37d66a010bae997ecd3712a4eb44003473a10dab
- SHA512
  
  436bc7996e78932482f0ab295f1aeb96eb539d5fb76a7338de191534671b9c26140eac27a9eb1bcdaafd0f2efd98026a3e6755b6efb1aed999e140697f10a9fc
- SSDEEP
  
  6144:s2MGgxsJq35u/x6E7FTS+fRLFqT4IpLlJ/cNG7GH4puTjgNCUC9Gdv/g40Yxx4:szx6y5u/hfRL4TNpLl8H4puTjgeY
Score

1^/10
behavioral10 behavioral9
- Target
  
  SharpCompress.dll
- Size
  
  467KB
- MD5
  
  8dfd5f8e773b0018ddc344e69e91d0c0
- SHA1
  
  e63128fc83172906a2ec2508bd5e721819948311
- SHA256
  
  d24d637f0920b7c94bded7905c562cb3bb1b8f1b6f8ade8f84c25f749112343b
- SHA512
  
  9cbd8e5e40546a4b2d4f31795273d0512a10b7035e9d7984f3ec9dc8a6b7513c82007f8edfb23e91c451b7d87902803b12eac11dbb586ecd00ff6a4d019dfa1c
- SSDEEP
  
  12288:q8OrjFNxvLWI+KnbJcltZlAaWRWSN6jb718oK2:GjFNxvLW7MdsSNe7q
Score

1^/10
behavioral11 behavioral12
- Target
  
  System.AppContext.dll
- Size
  
  19KB
- MD5
  
  b906366572177d428a8c3218b203b417
- SHA1
  
  c9a0c7200ad55960a1e1824b04718cbf6ca84581
- SHA256
  
  ea3a3003e10f44280074810934261b61a209c1ec1e9029b932742c853bde743e
- SHA512
  
  adb0d6f982e9f586d49eec0b8d775b98c87515e5c540968fd919864285ae6f970d00af7f8f5d0bdcce29b4c77f7fcf3247f461821781b020aa1413d2fa8b1282
- SSDEEP
  
  384:99JjWvfWJSUA0GftpBjY+ILKHRN71UlBRAhHvH:9Dgiiem1qRAhvH
Score

1^/10
behavioral13 behavioral14
- Target
  
  System.Buffers.dll
- Size
  
  20KB
- MD5
  
  ecdfe8ede869d2ccc6bf99981ea96400
- SHA1
  
  2f410a0396bc148ed533ad49b6415fb58dd4d641
- SHA256
  
  accccfbe45d9f08ffeed9916e37b33e98c65be012cfff6e7fa7b67210ce1fefb
- SHA512
  
  5fc7fee5c25cb2eee19737068968e00a00961c257271b420f594e5a0da0559502d04ee6ba2d8d2aad77f3769622f6743a5ee8dae23f8f993f33fb09ed8db2741
- SSDEEP
  
  384:/rMdp9yXOfPfAxR5zwWvYW8a2cyHRN7vCvlbLg:/rMcXP6N6e
Score

1^/10
behavioral15 behavioral16
- Target
  
  System.Console.dll
- Size
  
  34KB
- MD5
  
  9a179493da7fca4802d9e62637ffb0c5
- SHA1
  
  39c47f76e6b5da6a0ba2a8938903948100c192cf
- SHA256
  
  4901b934b9f46f759d44126375b42203e792086e78959345d358f9cdef23c49b
- SHA512
  
  d5197c4a244852986c17e4adeac273bf3bd9c9bcd21e542c0591978d369e204ef1b264771db08e2243b041bb6aef6fe4664b71d033ddfd3e163bed1a146bebb4
- SSDEEP
  
  384:PB+gmvxR9rloc7RX1o9Ulipjwjd5zfiN1NcWCEWwWNEW8Fm0GftpBj5aQHRN74OC:5+739JokxiIf1JSVivL4pf
Score

1^/10
behavioral17 behavioral18
- Target
  
  System.Globalization.Calendars.dll
- Size
  
  22KB
- MD5
  
  11702033de781f5fb80aff3570db0a7b
- SHA1
  
  30ae8c8e57bcabe27ba675fa84d4da6af3c10ead
- SHA256
  
  8e5a549c6c0339a5f88217e6b5b75b745a3c20fe97081b48062b684c4fa5d441
- SHA512
  
  20882a6634c4cbb93502379c43aafabc999c6280f59a63d4776ba2914d879cf182f00325f62cf4a720f0459ea9b0b23f4b64d4359c5f15af10a63ea1ee8a742c
- SSDEEP
  
  384:Id3ovRqXWDRqSRqj0RqFW5RqXWtRq6Rqq0RqFWB3rq0GftpBjZRqkPERHRN7cRqw:M3AqKqAqjuqOqAqoqquqGiBqkPEBWq8b
Score

1^/10
behavioral19 behavioral20
- Target
  
  System.IO.Compression.ZipFile.dll
- Size
  
  24KB
- MD5
  
  dcda916372128f13ada8b07026c1b3e7
- SHA1
  
  99d6c187de8510206a93d2eed9c65e65e0c86e72
- SHA256
  
  b5c12e9099643e2eda9b49edd0d98bdaed153c72a7e8e6235d8e78714402d16a
- SHA512
  
  d66de5d61cf7090ce2e11ca8064723a44c2fdbd7ed937f1cf4198ebe13083037941b816ad9022d332bbb853666785600fa8b1faca94c498d2f82de73fe1e42f9
- SSDEEP
  
  384:dK8Y54xRiW3mWeW+mWE3rq0GftpBj52ERHRN7dldBopPI:dKfemqiuEBHoa
Score

1^/10
behavioral21 behavioral22
- Target
  
  System.IO.Compression.dll
- Size
  
  109KB
- MD5
  
  9661714578a06ecb815369db1d364fe9
- SHA1
  
  629ce95c12b21678d877359ec4552d431c1cfbab
- SHA256
  
  b963eb95627b5f223e813fce8a53e6c9d72891714923de7263111473faebf3ef
- SHA512
  
  3dcfdd4916ba5af0ecc585405dd7a9ff58c79c583d8f5f62f12e75a9f12b6530e39637f4f795e39a23b2a0a9f476818f28ea9e9d1557aa5e6e14b5f5f56ac1cc
- SSDEEP
  
  1536:vUDglrO+lIFVkQT31aWzXCJ/tBvjZs1wJSGvNbZO0Wehg5aQKnfXmNo6/KwEBPD:Ugh3dBbi1wgGvIC1fWNo6/KwEtD
Score

1^/10
behavioral23 behavioral24
- Target
  
  System.IO.FileSystem.Primitives.dll
- Size
  
  22KB
- MD5
  
  17a701768a6f07f5f96a07a8a37bc8bc
- SHA1
  
  8374975ca07a300021ef0acaa4f908d5bfb102fb
- SHA256
  
  02a6f9601aa48557fc5c3bfed80e31762a0785b9f78ec568c9f2f0722eeb9c0b
- SHA512
  
  f8ee9515d4f3b15495c19e967c8eebf31cb5fc61a0e034d02ef03360515f970656ae38404f27f5dfb0fb61f423626d89ccd2dd4e08bb5f5cd7a67813f40b78c8
- SSDEEP
  
  384:7zwWdkWuW4kWrQ7q0GftpBjNJSERHRN7xl78oWCmtT:7PSEi7JSEB3eZ
Score

1^/10
behavioral25 behavioral26
- Target
  
  System.IO.FileSystem.dll
- Size
  
  22KB
- MD5
  
  84abec24a10c4d4f4b10887cb85fde6a
- SHA1
  
  b46ad93384323ed4aa88e8af3cdee208a88f1f6d
- SHA256
  
  2d917d520488b56673e74ac9dc610a2488ae70a7ebbbbff097c2e855ba1ef590
- SHA512
  
  54973fd33c986714556c97fe25a6a345b3df42f8b1f3a89d52b639a98d1d58aeb535ab7e75a8df0f0fe1cf4a558ee30e62c5fa4520ce62a837aab227e5a3d443
- SSDEEP
  
  384:34Ye1WQYWgWTYWz3rq0GftpBjUVLP4ERHRN7+lXhW/aFbz:3cz3iyEEBIsaRz
Score

1^/10
behavioral27 behavioral28
- Target
  
  System.Memory.dll
- Size
  
  138KB
- MD5
  
  f09441a1ee47fb3e6571a3a448e05baf
- SHA1
  
  3c5c5df5f8f8db3f0a35c5ed8d357313a54e3cde
- SHA256
  
  bf3fb84664f4097f1a8a9bc71a51dcf8cf1a905d4080a4d290da1730866e856f
- SHA512
  
  0199ae0633bccfeaefbb5aed20832a4379c7ad73461d41a9da3d6dc044093cc319670e67c4efbf830308cbd9a48fb40d4a6c7e472dcc42eb745c6ba813e8e7c6
- SSDEEP
  
  3072:nUGrszKKLB8a9DvrJeeesIf3amN32AW/rcyw/s:OB8l3/aK32qU
Score

1^/10
behavioral29 behavioral30
- Target
  
  System.Net.Http.dll
- Size
  
  193KB
- MD5
  
  e4b20eceadd0a1d030b407b02b913ebf
- SHA1
  
  bd1bfad57bbafe2b96fe72fd9fa791d5784290cb
- SHA256
  
  f48e85c97f8e473240db925d00ee871be9e2e7b684b313b911d5c2c14c47078a
- SHA512
  
  95b5819c9c27b123ff9c6a8a8703b6bd8857c006c67035d62c4ea58acda41266bc8a8c43847a010d28e4dd5195b04cf0d1dc409f0ce7d5bf59b36cd5d6845622
- SSDEEP
  
  3072:xfRYhjbg8BtBMeUQ8KQvtzDEZ0EsWOLyHF29j0swnIuhnY39zwVpDQv+fOch3ZR4:9KV+0sE1Y1wVptkpl3dkO
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Obfuscated with Agile.Net obfuscator

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32