f97034b507b27905197c61afbfd9d8b1868d07b9558fb13af6a08ad79b37ed26

Sharing

Copy URL

Twitter E-mail

General

Target

Luxury_Shield.rar
Size

7.8MB
Sample

241001-xgakysvelq
MD5

c2339f6523d32a105e681525a7eefbb6
SHA1

35591997c8454c104c226f7e71ee3d940a8828fe
SHA256

f97034b507b27905197c61afbfd9d8b1868d07b9558fb13af6a08ad79b37ed26
SHA512

2cc9c9e56fcdad7c3ca99f27ed649d1630214c03305569dca17f8e48f4218dcbb1c8383e9c7b7e96b2cc3c453cb8cacd8ed6f7decdae018b61bcc1467007f87b
SSDEEP

196608:DDUBRihgCi5GDokLtvobPTUXjNxpqTM6eiSvg3Xps:DBViEckLx8TUnpqTMkGgHm

Score

7^/10

agilenet discovery

Malware Config

Targets

- Target
  
  Luxury Shield/FontsInstaller.xml
- Size
  
  43KB
- MD5
  
  531f8be30cbbce50349de56644c66e34
- SHA1
  
  cf2ffb0c7f60596db3060c3ad0cef9c73de96943
- SHA256
  
  089c9b63cfed530c5bd6d492954d602f7fb94e34b8faa72db8a9e442b428fec9
- SHA512
  
  949b00317bb41f4351ee744fe4cbfbd3df9e1d172b752645bb9790e0856136dfedb866e2bd289a52d36dc46c91f3dd2b0bebdc2a420216b9d6c4fc2dd5a2c2c8
- SSDEEP
  
  384:nLFclSEsb/h0jvmKTNfjoMHYNdAPkSZBPVgGvmeMN+eBDP8oUEt4QBN6:Ls6/PSP8P8oUEtV8
Score

1^/10
behavioral1 behavioral2
- Target
  
  Luxury Shield/Guna.UI.dll
- Size
  
  1.1MB
- MD5
  
  8673eae95d67e5eb19f0eca3111408e8
- SHA1
  
  ad3e1ce93782537ffd3cd9e0bb9d30ae22d40ddb
- SHA256
  
  576d2de2c9ef5bc1ea9bdd73ae8f408004260037c3b72227eed27e995166276d
- SHA512
  
  65c4eadf448a643f45fa9a0d91497bb25af404c41a3a32686d9e99ba4f4e50783d73f5b13d5df505cc62c465be300746d84a2eaa8000531893cd0b19d6436239
- SSDEEP
  
  24576:hUsmpWNSUFmCqJPNsTuJDYYviEcHy1t6Y:hSUQWSF8q
Score

1^/10
behavioral3 behavioral4
- Target
  
  Luxury Shield/Guna.UI2.dll
- Size
  
  2.3MB
- MD5
  
  9fb60db5dbddc1ec521625d416b17aa6
- SHA1
  
  7f1da0b32a51a59298afae41f14e0ae6691d46a0
- SHA256
  
  78e51511b28efc474e92d060dd5123343631ee7d3400b6c317a518412c3544db
- SHA512
  
  5607c16a7f5e51e14e6b697e1171fbbfc7df84ea3395738935bc12a52b5ef7d769071d7d0cd241b3e2daab3bf0657f4f2411da2a3c2091a422287cca79b81b73
- SSDEEP
  
  49152:dF1h+CUn8yaJS7YmLdxvOOuOi6oUdzt159QoFosA9y9/H8/qW5rwGxdfkowGQJDM:gbLjv9UMGTke41u
Score

1^/10
behavioral5 behavioral6
- Target
  
  Luxury Shield/ILMerge.exe
- Size
  
  668KB
- MD5
  
  2bb6322885e6ca0986206de174e842c9
- SHA1
  
  c5ea70169106d32bc513d28ea76ae8ea1e49380b
- SHA256
  
  8110d740b485bcb06ff406b17001714c3a146fe6517098c9dc90d812b83389fd
- SHA512
  
  9750180c54a5bd8f0e1fa8a8f529364430f2ef444efbf8ac51e8d2a0aaa4e3d21fe553865ba8567c7c19e4ae84d04b20464f391743e88c52c00cac0bf20fc2a7
- SSDEEP
  
  12288:8E8Q+HlWx+TV7109nrRoTQhfL40+FQT7gWoi:hn+HQp9UQ2dFNi
Score

1^/10
behavioral7 behavioral8
- Target
  
  Luxury Shield/Luxury Shield.exe
- Size
  
  6.1MB
- MD5
  
  40955751ffb3df0dd4cef5728cb0a2c5
- SHA1
  
  6219105ac9261fd9eedaf9eb103f2a856e43b4ba
- SHA256
  
  07c5f5c6595f9ccb544b2d78677fce86084b1821474216a6d3d3241701d4692c
- SHA512
  
  a9bf58a9ef3dbaf01fe42b00dbad3c0455dc9d2da78833a1c05bc98992722ed044d90529272dfaedb62d1c9d09b3336774b82015c74fdc9d1279596756639808
- SSDEEP
  
  196608:nUJ5nwUlVzBvx4DkwjdtBC5U45+YXGJPVc9hC:UJhfBv67d/C6YXGJdc9hC
Score

7^/10

agilenet discovery
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
behavioral10 behavioral9
- Target
  
  Luxury Shield/Newtonsoft.Json.dll
- Size
  
  679KB
- MD5
  
  916d32b899f1bc23b209648d007b99fd
- SHA1
  
  e3673d05d46f29e68241d4536bddf18cdd0a913d
- SHA256
  
  72cf291d4bab0edd08a9b07c6173e1e7ad1abb7ab727fd7044bf6305d7515661
- SHA512
  
  60bd2693daa42637f8ae6d6460c3013c87f46f28e9b0dbf9d7f6764703b904a7c8c22e30b4ba13f1f23f6cbee7d9640ee3821c48110e67440f237c2bb2ee5eb6
- SSDEEP
  
  12288:1eos/POdGV5jfWrV/9Yeh9eRcyLfLYtT5mWxTZ/B7jW5JMtRRpKzQk:10/POdGV5jfW5VnhFyvOB7jW5JMty
Score

1^/10
behavioral11 behavioral12
- Target
  
  Luxury Shield/System.Web.Optimization.dll
- Size
  
  69KB
- MD5
  
  68abd36d1bc8a214214d4551dcda5162
- SHA1
  
  72a420f9026890fc6c7f6f3a8050fd4dcf7e2d4d
- SHA256
  
  321b29486a5c3195574552ad05dba2199572db3a3ba3952bd1ee768cc3f8cedd
- SHA512
  
  bde5737d5e5bc81089ce89975a52c3f502b76d0b4fc6c0543e8edcc2790cbc55b48a9f8b522a0c87f98388d7d0533fe7048d79a10325f38b5a9c1f3e54c4c838
- SSDEEP
  
  768:O7wHXoDClYMX6UYg2okay6kz+0TmzYJe+nxPDC0jrqVjSEd6BrQjLwnGUP5HpoDA:OwHMahf2o/BfYJZx7AMEdurKLmDiz8J
Score

1^/10
behavioral13 behavioral14

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

.NET Reactor proctector

Loads dropped DLL

Obfuscated with Agile.Net obfuscator

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14