Analysis
max time kernel: 102s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 19/01/2025, 01:01
Static task: static1
Behavioral tasks
Task | Sample | Resource
behavioral1 | Explosive Launcher v15.8/Explosive Launcher.exe | win7-20240903-en
behavioral2 | Explosive Launcher v15.8/Explosive Launcher.exe | win10v2004-20241007-en
behavioral3 | Explosive Launcher v15.8/How to Install.url | win7-20240708-en
behavioral4 | Explosive Launcher v15.8/How to Install.url | win10v2004-20241007-en
behavioral5 | Explosive Launcher v15.8/How to install (Video).url | win7-20240903-en
behavioral6 | Explosive Launcher v15.8/How to install (Video).url | win10v2004-20241007-en
General
Target: Explosive Launcher v15.8/Explosive Launcher.exe
Size: 22.3MB
MD5: ddd9abe3b6c165dca62da949ee2f4084
SHA1: 5fc389f190857fb7f4a55f04037c94404dabf7d5
SHA256: 1efaca81cc2f95850a1d8b1728c866f37f1ce5bc74ff439a1dae9ce5b4e950fb
SHA512: b838f73cc7fe968346893d93cc8b29a583d5be9f63b4a57fee063390395de5171901ebbdf9ac76afcf0aff2dd3e6555d02a9c9ad66e914704a9be384fa9a9084
SSDEEP: 393216:qYM4xYPYE4/5jpC1FhK+sQ4oy6OntgiOGIUrc7Cwrc2G/Ui6pBt/a9:9E4F4s3SOOiOdUrcprzG/Ul+
Malware Config
Signatures
Obfuscated with Agile.Net obfuscator (2 IoCs)
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
resource | yara_rule
behavioral2/memory/2428-33-0x0000000007470000-0x000000000748E000-memory.dmp | agile_net
behavioral2/memory/2428-34-0x00000000082A0000-0x00000000083EA000-memory.dmp | agile_net

System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | Explosive Launcher.exe

Suspicious use of AdjustPrivilegeToken (1 IoCs)
description | pid | Process
Token: SeDebugPrivilege | 2428 | Explosive Launcher.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads