85bbf058c82fa2979a3f3fa7e9b300711cacdf5da405006f3ef0265d29bf368d | Triage

Submit
Reports

Overview

overview

7

Static

static

7

Frozen Spo...me.dll

windows7-x64

1

Frozen Spo...me.dll

windows10-2004-x64

1

Frozen Spo...UI.dll

windows7-x64

1

Frozen Spo...UI.dll

windows10-2004-x64

1

Frozen Spo...I2.dll

windows7-x64

1

Frozen Spo...I2.dll

windows10-2004-x64

1

Frozen Spo...UI.dll

windows7-x64

1

Frozen Spo...UI.dll

windows10-2004-x64

1

Frozen Spo...an.exe

windows7-x64

7

Frozen Spo...an.exe

windows10-2004-x64

7

Sharing

General

Target

Frozen Spoofer.rar
Size

34.9MB
Sample

240627-11kf2swemj
MD5

8a93edd0031969834fc755632e90763c
SHA1

ea710727accc41d50b894fb7798302f6011b3e50
SHA256

85bbf058c82fa2979a3f3fa7e9b300711cacdf5da405006f3ef0265d29bf368d
SHA512

9d156c5f2f64b37fc2ebf60997b4cfdf4f9953e12a0a059930ced74a9dde761431925e3c5127026edc5fe2781a9bc08902e2ba013056bb0c43bf2b1c39a66fb5
SSDEEP

786432:YBJThnJEz1K4XtozlSrttrX9r3FcF6CSwKKnfFr0Mf:uJTpJM1dXtAlSBF97FJWfmMf

Score

7^/10

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Frozen Spoofer/AgileDotNet.VMRuntime.dll

Resource

win7-20231129-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

Frozen Spoofer/AgileDotNet.VMRuntime.dll

Resource

win10v2004-20240508-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral3

Sample

Frozen Spoofer/Guna.UI.dll

Resource

win7-20240221-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral4

Sample

Frozen Spoofer/Guna.UI.dll

Resource

win10v2004-20240508-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral5

Sample

Frozen Spoofer/Guna.UI2.dll

Resource

win7-20240508-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral6

Sample

Frozen Spoofer/Guna.UI2.dll

Resource

win10v2004-20240508-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral7

Sample

Frozen Spoofer/Siticone.UI.dll

Resource

win7-20231129-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral8

Sample

Frozen Spoofer/Siticone.UI.dll

Resource

win10v2004-20240508-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral9

Sample

Frozen Spoofer/permunban.exe

Resource

win7-20240611-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral10

Sample

Frozen Spoofer/permunban.exe

Resource

win10v2004-20240611-en

windows10-2004-x64

2 signatures

150 seconds

Malware Config

Targets

- Target
  
  Frozen Spoofer/AgileDotNet.VMRuntime.dll
- Size
  
  328KB
- MD5
  
  f5483c14f581f42456fadae27ef55684
- SHA1
  
  1b8e76c9fb37c9a8d1f8472e69198cbdb566dbba
- SHA256
  
  64f398b6713fa649015fdd856c93bdd154031e9a2eefc0d4d5c1b96d90b42475
- SHA512
  
  4bd032dfdf8a1ff4550f6ed97ac43ead0f547da59c4015759dc4a3086cc911d53ea4691f509589c4c3e920f3d85266143c2d02f33db2d5ac3ee103ee77571186
- SSDEEP
  
  6144:WIwJ8mHw8daY2WMAqoKWvEpksAxg35oNoQXjRwfxXo+:nHr9
Score

1^/10
behavioral1 behavioral2
- Target
  
  Frozen Spoofer/Guna.UI.dll
- Size
  
  1.1MB
- MD5
  
  8673eae95d67e5eb19f0eca3111408e8
- SHA1
  
  ad3e1ce93782537ffd3cd9e0bb9d30ae22d40ddb
- SHA256
  
  576d2de2c9ef5bc1ea9bdd73ae8f408004260037c3b72227eed27e995166276d
- SHA512
  
  65c4eadf448a643f45fa9a0d91497bb25af404c41a3a32686d9e99ba4f4e50783d73f5b13d5df505cc62c465be300746d84a2eaa8000531893cd0b19d6436239
- SSDEEP
  
  24576:hUsmpWNSUFmCqJPNsTuJDYYviEcHy1t6Y:hSUQWSF8q
Score

1^/10
behavioral3 behavioral4
- Target
  
  Frozen Spoofer/Guna.UI2.dll
- Size
  
  3.8MB
- MD5
  
  a29c7159170dc36961cc7c6ae0ac6e40
- SHA1
  
  8fcaff77cda4dfca269f12d7f7284bd1dfb35df3
- SHA256
  
  8e0ebe5cebbcb46b3e870b6bfb20412a52f534240846220b7a5da7cad2d71903
- SHA512
  
  475b1695efc339b52d052ff17e7f9e245e1973f5fa93b79f482fb8baf9757d539cd8d5582544663824d091ad6919e315c0c524b055756a219bbf2fd901bd3537
- SSDEEP
  
  24576:cVaMMD+dmfoN6y42wVXXicKsZv76OqM8wd/8++XJVkhIiA6Gu1cJCyHQ/jzhpb:tAR7wVCEZvum8wJ6T6nmO
Score

1^/10
behavioral5 behavioral6
- Target
  
  Frozen Spoofer/Siticone.UI.dll
- Size
  
  1.3MB
- MD5
  
  750c58af2e56b6addecffcf152520ab8
- SHA1
  
  14995e7f1d12498606d9d209d78d55fe6fd87802
- SHA256
  
  27c56a28cbde094157206da1bfcd7a395111ab97b8a5ff600b11c2175dcefb26
- SHA512
  
  2179790e23f61b3dfea828457f8609279c70b1e071cddc73b1dbda02caa664e0aae2553fc24a4956f9e89c477d66b1a704bde26fa23bc6db26c19e18db00abb5
- SSDEEP
  
  24576:QVMCtIZJntOFmMlMqPilaiS4Yr6ugPngPfjv9tLF2cH8gb:u8NlaVeuHFb
Score

1^/10
behavioral7 behavioral8
- Target
  
  Frozen Spoofer/permunban.exe
- Size
  
  33.1MB
- MD5
  
  26a0ee034198a3163d7a4855dd246e63
- SHA1
  
  71fbd2e16a4c4ddaba065f8fd1d81e9f365f38a7
- SHA256
  
  28eae7cb4ab18555df3a1209513dffbfc27a8a098ad0b36754ac82eda131fd88
- SHA512
  
  88d1c582dbaca74d3b28541d465c2d678c594763e6098e327cc14a86da237e59b9444e18aac31da3e4b4fc77c8124363a66b64564dc40234a93d7b1fb18a9d04
- SSDEEP
  
  786432:5C1LbwgI7+I+w32BcdcfgEbZzIdUieRWacVqGiiihca:AYgI7GY2eGjbZzIheR/cVqGwh
Score

7^/10

agilenet
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
behavioral10 behavioral9

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

© 2018-2024

Terms | Privacy