Analysis tabs
- Overview
- Static (score 10)
- Imperium.exe on windows7-x64 (score 3)
- Imperium.exe on windows10-2004-x64 (score 10)
- advpack.dll on windows10-2004-x64 (score 10)
- aeevts.dll on windows10-2004-x64 (score 1)
- aeinv.dll on windows10-2004-x64 (score 1)
- aeinvext.dll on windows10-2004-x64 (score 1)
- aemarebackup.dll on windows10-2004-x64 (score 1)
- aepic.dll on windows10-2004-x64 (score 1)
- agentactiv...me.dll on windows10-2004-x64 (score 1)
General
- Target: c859cc3c802763f048ca2be4419e2696b183818ff5dbd80aa455c91208a278c4
- Size: 2.5MB
- Sample: 241204-shg9zayqaz
- MD5: b92517f43a1d4008515c9f91d055d26f
- SHA1: fc6e24810f86356e74df241d92b9f03aeaebcf93
- SHA256: c859cc3c802763f048ca2be4419e2696b183818ff5dbd80aa455c91208a278c4
- SHA512: 29236146075de6215bb425c6e1e162930eaf99d215a0eecd7ae304ca7ea8314b0eb44a940edd382bcf306e5c3fda699ec720dd905390e118d86840f90323cadb
- SSDEEP: 49152:mv0ZGMGEClXTCWYECZVu5Cx7L0V3dyyR4XKo+CsXghlKiA2k0kET1xxsn4:mvCXTAnJdiX23FOaY4ivk0kE1xxT
Tasks
- Static task static1
- Behavioral task behavioral1: sample Imperium.exe, resource win7-20240903-en
- Behavioral task behavioral2: sample Imperium.exe, resource win10v2004-20241007-en
- Behavioral task behavioral3: sample advpack.dll, resource win10v2004-20241007-en
- Behavioral task behavioral4: sample aeevts.dll, resource win10v2004-20241007-en
- Behavioral task behavioral5: sample aeinv.dll, resource win10v2004-20241007-en
- Behavioral task behavioral6: sample aeinvext.dll, resource win10v2004-20241007-en
- Behavioral task behavioral7: sample aemarebackup.dll, resource win10v2004-20241007-en
- Behavioral task behavioral8: sample aepic.dll, resource win10v2004-20241007-en
- Behavioral task behavioral9: sample agentactivationruntime.dll, resource win10v2004-20241007-en
Malware Config
- Extracted family: phemedrone
- Extracted URL: https://www.plufferr.com/api/send.php
Targets

Target: Imperium.exe
- Size: 895KB
- MD5: 2e627886f546dec55fd0243de22f966e
- SHA1: 32bcbfd80baef07a2e05b8ed673a469741b74828
- SHA256: fe21d4c63aa2ec21a4311955decfcf4d8dd7ec73bc9fa07655e14de6762489e7
- SHA512: 9642e596de2c2f2995180d5c4ec87619b10aaad1ca846eff55ed9c32c513b6994f47d87b3dc52e7a9f5990c4bac019d57dc8bcb3ea6381a43a176169067fdb3d
- SSDEEP: 12288:Wh1Lk70TnvjcQexF/3hr9mvqXO/bW8/1Ci9uJ41I8opwxcHXi2jlXWnbkQ:6k70Trc7F/3aWO98PZUqXieXWnb
- Score: 10/10
Signatures:
- Phemedrone family
- .NET Reactor protector: detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Unsecured Credentials: Credentials In Files: steals credentials from unsecured files.
- Suspicious use of SetThreadContext
Target: advpack.dll
- Size: 176KB
- MD5: 327c4cbba43881847674c831e4b1a672
- SHA1: 1277cf5c846a25b9b9e19f9a7ca92377b91a92c9
- SHA256: d91af176c416e14d9533614287fe1175fcd193ee8125280ee777c92ef7e683b9
- SHA512: 5cf4d9ca80f43bd845ca428a63fc1267a5a688b7378758b950be5b3d06d81e3011bfe2ff32d50fc30b2bd58632490190b9a5e98d59a121644550adee1b27d38f
- SSDEEP: 3072:glgx98bHDj0qjbcB6hRu+0GU0AuJ9UqhE7LMxQcWVrFO8h:MgxwMDURu+0LvuJ9UsEkxQcW28
- Score: 1/10
Target: aeevts.dll
- Size: 40KB
- MD5: b1fb90460e64ff5fb355015e0aaa8f55
- SHA1: b29edfe643774951f26555c39ab0d89e6cbea62a
- SHA256: 3e9eeef724a1cfc8efd28d844c2ef93fbc9c589fb967972826ec1e85f7b30e1a
- SHA512: f89fbdd78203709a3aac5490295f987869754fc9c4e260be8b5c05c7d31888d984655d453aa9b9e5070cf3f6a2214e2a669d5acddb8263c4b5255d096128491c
- SSDEEP: 384:TWtTWJjQAI2mNChgCweNvpBJG9EgRVLFMmBeJ71aLa0aua0MR9nil8pf:+EBuFMPp
- Score: 1/10
Target: aeinv.dll
- Size: 1.1MB
- MD5: 83801773bdc161a1a6cf03615acffb76
- SHA1: 3cd3c85b815df66e1672dbbcc7008b90a9501bda
- SHA256: bc298d57abe6d3537a02373da2de4cfb489ccaa789bfb38d06f45dfe0d3a8ffe
- SHA512: 489159edf0a6a701ef2d183ab9a635e1be9c8e648eb747e6dce5d3f3c85ce7a5d582360197835852f160d6d3fd632cf43951eb8d2fd3ab9306fefe946ebd4818
- SSDEEP: 24576:/eOYWsOYk8nuolHY5tgbechOUuggnnMxV54:SWs7kAHCcgnnMx4
- Score: 1/10
Target: aeinvext.dll
- Size: 137KB
- MD5: b077dca3a3302c6698704db7dc479f83
- SHA1: fb32cd263cca1bc4c161845170e2bc457b1218fa
- SHA256: 5798ca103742e38b0f3fd76d7d4ea67969448b42d1773fcb5a0044b973c3bb8e
- SHA512: f11b86857b8f3b0d60c34348184d795c8c15bf8c0c9e88aa22dda842b9bfea678bd589b5aad71f4cbcd5993f9fdc2787b17ed58ceba9519a93147e69b373d46c
- SSDEEP: 3072:D3iMxAOK2PfVvIuHFIZBsXI8+4KyhmX6Fym:GMxTtvIuHqfs+yhmKj
- Score: 1/10
Target: aemarebackup.dll
- Size: 865KB
- MD5: 3406bc45650f31a6290a065f88eb63e6
- SHA1: e41c610ff423f2e5099f106c656b546b3e0e9983
- SHA256: 7a2ad332f71754ded3a208ccc8c895a8a6f2d3fddaf44dd1d06a65f723c397e2
- SHA512: 00916db3fa133e81518069ba806848ae1811f347c0c6ff015ab5a14c6630f40d7609b5f666cd78466801a621829c3a97ebe9b564f3aedb77f16e5fc8b368dd57
- SSDEEP: 24576:w3pg8cKANDLlG8YR93n6YlVnfKIBTSBrE:Qpg8cKYLl8R9X6YlVn1tYI
- Score: 1/10
Target: aepic.dll
- Size: 614KB
- MD5: a039814fa8bb5e0258fc75da497f3ca5
- SHA1: baaaa523c51e7053937c46f1b706f1ef928dea43
- SHA256: 5ae3b209390d6e5a6a25e3cd9fc15f5a58c8167d6edc6488cc65b854ef234681
- SHA512: 0aae23dbc7a3cc95993bf146fe651e5f0bcd55d223aaa80bcbdbbefcce812483d204e003fc9d9d2690502291f2b413ff195e5821fa533b74331cf63ccac9eb58
- SSDEEP: 12288:YqKwm5+thXf9VWazkipXdCQwJmCSlfWY/p3Tt4WGU:w35+tZV0okipXdCQwTS0Y/p3Tt4WGU
- Score: 1/10
Target: agentactivationruntime.dll
- Size: 1012KB
- MD5: 44dfa56134ed49e584a12780e5c2e9c9
- SHA1: f605d11115e0c4f98558fdcd13b61bfba452af43
- SHA256: 367f1fd7dcf1af6c3e1f1d8a37f471350fe8eb0a5b1680e990c2a5497b2b5cbe
- SHA512: 766a4f471fa2c981199b9bd84f6a561f04f8a199377ad9c71a558d5281a636e3b8672bcd0d51f22ff6c7d47fcaa4cd836e103c2fb66cd2926b559109a5743648
- SSDEEP: 12288:PbCYEaLDjT5G0AleAyCzRcdjv8nzsLJWd1XTfVATQjO/d:DVLDjQXlW8C7FJWd1XTdAZ
- Score: 1/10