Analysis
- max time kernel: 147s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20241007-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 15/01/2025, 01:10
Static task: static1
Behavioral task: behavioral1; Sample: Explosive Launcher v15.7/Explosive Launcher.exe; Resource: win7-20240903-en
Behavioral task: behavioral2; Sample: Explosive Launcher v15.7/Explosive Launcher.exe; Resource: win10v2004-20241007-en
Behavioral task: behavioral3; Sample: Explosive Launcher v15.7/How to Install.url; Resource: win7-20240903-en
Behavioral task: behavioral4; Sample: Explosive Launcher v15.7/How to Install.url; Resource: win10v2004-20241007-en
Behavioral task: behavioral5; Sample: Explosive Launcher v15.7/How to install (Video).url; Resource: win7-20240903-en
Behavioral task: behavioral6; Sample: Explosive Launcher v15.7/How to install (Video).url; Resource: win10v2004-20241007-en
General
- Target: Explosive Launcher v15.7/Explosive Launcher.exe
- Size: 22.3MB
- MD5: 368a676abc032208d0b935753e3cdf48
- SHA1: 991f4a40286eef6179bfaa91e8c258d0097bfbcb
- SHA256: fc3b80514864bc18ab5f1a2c243889c5775e2df31edc7db42a5ab2a3f96e9d96
- SHA512: 4f17f2cc013f6c8cd85a284b589577e6060b9d89be42727eee37a62e969e5fb3f24f7ef13a4707dec7b5e3947ffb4d6b321c15c00b8cc7cd3a796159a44338b0
- SSDEEP: 393216:hYM4xYPYE4/5jpC1FhK+sQ4oy6OntgiOGIUrc7Cwrc2G/Ui6pBt/a9:oE4F4s3SOOiOdUrcprzG/Ul+
Malware Config
Signatures
- Obfuscated with Agile.Net obfuscator (2 IoCs)
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
resource: behavioral2/memory/272-33-0x0000000007360000-0x000000000737E000-memory.dmp; yara_rule: agile_net
resource: behavioral2/memory/272-34-0x0000000008180000-0x00000000082CA000-memory.dmp; yara_rule: agile_net
- System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description: Key opened; ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language; Process: Explosive Launcher.exe
- Suspicious use of AdjustPrivilegeToken (1 IoCs)
description: Token: SeDebugPrivilege; pid: 272; Process: Explosive Launcher.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads