Trojan.Fragtor.AG
Analysis Report
General information
| Family Name: | Trojan.Fragtor.AG |
|---|---|
| Signature status: | Self Signed |
Known Samples
This section lists other file samples believed to be associated with this family.
| MD5 | SHA1 | SHA256 | File Size |
|---|---|---|---|
| ba7e2ad2f7f11a5c4ac0bd037bc2ab2d | 03f8a0bd712513f42d3fb6ac517dedb5d2723e7c | | 9227016 bytes (9.23 MB) |
| c1b76581cd56e365013b83584d54f9dd | 14df75754052fec63433953200e23960953eaf6d | F267C65538D6CDC04244C401EE06A1AF02F15D43E6737A665536F18F3D0B16AA | 9227016 bytes (9.23 MB) |
| fe43d5a2117003785fd3c21c6f841a57 | 577e2e1b97263d30b831740d93d9ff2fe14b6c77 | 74172F0F7BF06B04368BE80E5EC63D99BE324DECB501C4463C2BBE98E6C3002F | 9227064 bytes (9.23 MB) |
| 587a131ae5a0dfab478a5511f34a71ca | 24c9404ee90125a6ee476e7a941d5d81ab26c269 | D753C32911BB79719C37C7A6EEC7DBE4A8F17B554C4F85CE0EF6CA5462F65C7A | 9234040 bytes (9.23 MB) |
| e19618a4baf0df2b977d7ed96fd62024 | ce022f5a3c2fdba78aaf353edc4d690fd34b85f1 | 5F67DB8FB1A6FA42ED7D766202460A569620FC763650D55A3DBAE29EE963120C | 8054760 bytes (8.05 MB) |
| 374555c50dd80a5efa2fb10ebd87cdfa | 52f28b0098d7342d45c2e52e1b39ca73f510ba43 | B9B3985D1BC866D84BF9B362F5025457FD85FB46893302A7D4725FFF3E2E7CDD | 9231680 bytes (9.23 MB) |
| 69b8ee4c13c54cdec7c6e53ea718ec95 | 96d7c4463de3bdc9b54918daf203349001254a86 | AFB85DC8450FF21CB5E020015F36251114D7BF64641D6F51AF54818541B7E101 | 369152 bytes (369.15 KB) |
| 3e81859ad35d50edf5312880c9d5664a | 16515b2c63c90dd50eb55587e74337f50a35254f | 267E013E5AD91210DB209A7B34838D742A5DC721ABE3F122418D44FE87E0AD2F | 9231680 bytes (9.23 MB) |
| 668145965a9e1eb5618caee01e341f2a | 3a387d8baecb22dce070c105dc3b36665079ecbc | 2915470DAE0517DEB90143C19E9336B874A7EA26DB034DB26E7A25B918EFEF5E | 7237920 bytes (7.24 MB) |
| b827f7e1795f618b16302634f59ca5da | 952d7ce6ace5789b8a164179932d9d0858d59e12 | E5113E8DE847081990FA13A4F727CEFEEB408BCA2E012A7B2DAF5977E871C33E | 9231712 bytes (9.23 MB) |
| 97770358a3225da163fee4534094c979 | 74c0389e7b6e584687fdf2439043ef7dd28cdf0f | FC8400B4195174A8E57BC11508508476DCA55CFA6FE4516419FBA5A21AAE82E6 | 8416656 bytes (8.42 MB) |
| 8ffb2b5a5472fa53271f80088560db63 | 664cb0bd9dc67394bd812246fde121b3a8cb472e | 5409BBA2D50C726C22E0575B79F45BFABE943028C5EC4FBC34C44F0293D2BB0D | 9227008 bytes (9.23 MB) |
| 9c1036363966ef58991092f54fef269b | 4062e98720a7af4a4b9a7cd9fd5b529e948f4366 | 570119C13F704FC1DBACCD53A3B09C2B088388132DC883331E2E19F8CB4C6EF1 | 369152 bytes (369.15 KB) |
| 0876e6cac75c00039eb963a1735d8c51 | a31475b6c8c8f1271d4de26b607373b582108a2a | 5986303387157E12FB675A31CB4B3A48FD1AC878CE6BC420AC2B0C2F187A7218 | 9234008 bytes (9.23 MB) |
| f805ae1670a59d1f6bfd168c3e1358e2 | 1ba770c983d177cef6d4ff27b43e0c1fbccac60a | 8069993D503F043A0F23D561E6092B5296B53B9E1F281359C7D864C321D966F2 | 9227032 bytes (9.23 MB) |
| 1f7b0de57cd223ef0a74bc27352b6fab | 4239f2dc5290c8061c409fe05be728a4f9baddba | EE51265C50C4F32B0FD9DD510D50E1A03DF4E399242189DB59D874B0F1238214 | 8054784 bytes (8.05 MB) |
| ac06e24cefe482061e7f57d9b746f029 | 025f28e013e49991ebac355f50405b0e04d8a892 | 9C0A58EBF1C35902ED9ADE70CBF056572655192461CD816E444F4156A1EBF756 | 9234024 bytes (9.23 MB) |
The two 369152-byte samples (SHA1 96d7c4463de3bdc9b54918daf203349001254a86 and 4062e98720a7af4a4b9a7cd9fd5b529e948f4366) are the DLLs that the Shell Command Execution section below shows being loaded through rundll32; the remaining samples are 7 to 9 MB executables. No SHA256 is recorded for the first sample.
Windows Portable Executable Attributes
The attributes below are the union over all samples in the family, so mutually exclusive entries (both "doesn't have exports table" and "has exports table", or "IMAGE_FILE_DLL is not set" next to the "dll" file trait further down) describe different samples, not one file.
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have relocations information
- File doesn't have security information
- File has exports table
- File has TLS information
- File is 32-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
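Every line in the list above comes from a few fields in the PE header: the COFF Characteristics flags, the optional-header magic and Subsystem, and which data-directory entries are non-zero. The Python below is an added example, not code from this page or from any vendor's analysis tool; it reads those fields with the standard library only and renders them in the report's own wording. The `build_minimal_pe` helper produces a constructed, non-loadable PE32 header so the check runs offline; point the script at a real file to triage it.

```python
import struct
import sys

IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_32BIT_MACHINE = 0x0100
IMAGE_FILE_DLL = 0x2000
IMAGE_SUBSYSTEM_WINDOWS_GUI = 2
IMAGE_SUBSYSTEM_WINDOWS_CUI = 3
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
# IMAGE_DIRECTORY_ENTRY_* indices into the optional header's data directory
DIR_EXPORT, DIR_SECURITY, DIR_BASERELOC, DIR_DEBUG, DIR_TLS, DIR_CLR = 0, 4, 5, 6, 9, 14


def pe_attributes(data: bytes) -> dict:
    """Read the header fields behind each line of the attribute list."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # IMAGE_FILE_HEADER (20 bytes) follows the signature; only Characteristics matters here
    _machine, _nsect, _ts, _symp, _nsym, _optsize, characteristics = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == PE32_MAGIC:
        dirs_off = opt + 96           # PE32: data directory starts at offset 96
    elif magic == PE32PLUS_MAGIC:
        dirs_off = opt + 112          # PE32+: 8-byte ImageBase/stack/heap fields push it to 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    n_dirs = struct.unpack_from("<I", data, dirs_off - 4)[0]   # NumberOfRvaAndSizes

    def has_dir(index: int) -> bool:
        # A directory is present when both its RVA (a file offset for SECURITY) and size are non-zero
        if index >= n_dirs:
            return False
        rva, size = struct.unpack_from("<II", data, dirs_off + 8 * index)
        return rva != 0 and size != 0

    return {
        "is_32bit": magic == PE32_MAGIC,
        "is_executable_image": bool(characteristics & IMAGE_FILE_EXECUTABLE_IMAGE),
        "is_dll": bool(characteristics & IMAGE_FILE_DLL),
        "is_gui": subsystem == IMAGE_SUBSYSTEM_WINDOWS_GUI,
        "is_console": subsystem == IMAGE_SUBSYSTEM_WINDOWS_CUI,
        # The Rich header sits between the DOS stub and the PE signature; "Rich" is its cleartext marker
        "has_rich_header": b"Rich" in data[0x40:e_lfanew],
        "has_exports": has_dir(DIR_EXPORT),
        "has_security_info": has_dir(DIR_SECURITY),
        "has_relocations": has_dir(DIR_BASERELOC),
        "has_debug_info": has_dir(DIR_DEBUG),
        "has_tls": has_dir(DIR_TLS),
        "is_dotnet": has_dir(DIR_CLR),
    }


def describe(a: dict) -> list:
    """Render the attributes in the wording the report uses."""
    lines = [
        "File is 32-bit executable" if a["is_32bit"] else "File is 64-bit executable",
        "File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)" if a["is_gui"]
        else "File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)" if a["is_console"]
        else "File is neither console nor GUI application",
        "File is .NET application" if a["is_dotnet"] else "File is Native application (NOT .NET application)",
        "IMAGE_FILE_DLL is set inside PE header (DLL)" if a["is_dll"]
        else "IMAGE_FILE_DLL is not set inside PE header (Executable)",
    ]
    if a["is_executable_image"]:
        lines.append("IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)")
    for key, what in (("has_rich_header", '"Rich" header'), ("has_debug_info", "debug information"),
                      ("has_exports", "exports table"), ("has_relocations", "relocations information"),
                      ("has_security_info", "security information"), ("has_tls", "TLS information")):
        lines.append(("File has " if a[key] else "File doesn't have ") + what)
    return lines


def build_minimal_pe(*, dll=False, gui=True, exports=False, tls=False) -> bytes:
    """Constructed PE32 header (no sections, not loadable) used only as sample input."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    characteristics = IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE | (IMAGE_FILE_DLL if dll else 0)
    opt = bytearray(96 + 16 * 8)            # PE32 optional header with all 16 directory slots
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<H", opt, 68, IMAGE_SUBSYSTEM_WINDOWS_GUI if gui else IMAGE_SUBSYSTEM_WINDOWS_CUI)
    struct.pack_into("<I", opt, 92, 16)     # NumberOfRvaAndSizes
    for index, present in ((DIR_EXPORT, exports), (DIR_TLS, tls)):
        if present:
            struct.pack_into("<II", opt, 96 + 8 * index, 0x3000, 0x40)   # dummy RVA and size
    coff = struct.pack("<HHIIIHH", 0x014C, 0, 0, 0, 0, len(opt), characteristics)  # I386 machine
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    # Stand-alone: pass a PE path, or run with no arguments to inspect the constructed sample header.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_minimal_pe(dll=True, exports=True, tls=True)
    print("\n".join(describe(pe_attributes(data))))
```

The "File is not packed" line has no single header field behind it and is left out; a packer verdict needs section entropy and import-table heuristics that this check does not attempt.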
File Icons
This section displays icon resources found within family samples. Malware often replicates icons commonly associated with legitimate software to mislead users into believing the malware is safe.
Digital Signatures
This section lists digital signatures that are attached to samples within this family. When analyzing and verifying digital signatures, it is important to confirm that the signature's root authority is a well-known and trustworthy entity and that the status of the signature is good. Malware is often signed with non-trustworthy "Self Signed" digital signatures (which can be easily created by a malware author with no verification). Malware may also be signed by legitimate certificates that have an invalid status, and by certificates from questionable root authorities with fake or misleading "Signer" names. Every signature below is self-signed and the signer and root names are random word pairs, so none of them chains to a trusted authority and none is evidence of who built the file.
| Signer | Root | Status |
|---|---|---|
| Set Neither...nor | Celebrity Sloppy | Self Signed |
| Counterpart Temporary | Dire Interpret | Self Signed |
| Eiglomputter Honoraries Group | Eiglomputter Honoraries Group | Self Signed |
| Elinsonizinc Backspaced Group | Elinsonizinc Backspaced Group | Self Signed |
| Hoist Deed | Fugitive Count | Self Signed |
| Reduce Built-in | Linen (hood) | Self Signed |
| Order Gasp | Pal Crave | Self Signed |
| Lid Profit | Peanut Hush | Self Signed |
| Tissue Extinguish | Plea Landscape | Self Signed |
| Film Salesperson | Refute Retrieve | Self Signed |
| Scramble Swirl | Rumor Roll | Self Signed |
| Look Anyway | Salary Shake | Self Signed |
| (UV) Pluck | Swear Judge | Self Signed |
| Around Flank | Thaw Nod | Self Signed |
| Infantry Off | Throw Yearn | Self Signed |
File Traits
- dll
- x86
Files Modified
This section lists files that were created, modified, moved and/or deleted by samples in this family. File system activity can provide valuable insight into how malware functions on the operating system. The Attributes column lists the access rights requested when the file was opened (Windows access-mask names); a path listed twice was opened more than once with different rights.
| File | Attributes |
|---|---|
| c:\users\user\appdata\local\temp\nsa1948.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete |
| c:\users\user\appdata\local\temp\nsb4f3b.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete |
| c:\users\user\appdata\local\temp\nsb7d9a.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsb7d9a.tmp | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nsba48a.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsba48a.tmp | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nsbfabf.tmp\installoptions.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsbfabf.tmp\iospecial.ini | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\nsbfabf.tmp\iospecial.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsbfabf.tmp\modern-wizard.bmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsc23e.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete |
| c:\users\user\appdata\local\temp\nsc90b1.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsc90b1.tmp | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nsf5901.tmp\installoptions.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsf5901.tmp\iospecial.ini | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\nsf5901.tmp\iospecial.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsf5901.tmp\modern-wizard.bmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsg1aa2.tmp\installoptions.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsg1aa2.tmp\iospecial.ini | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\nsg1aa2.tmp\iospecial.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsg1aa2.tmp\modern-wizard.bmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsg59f4.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete |
| c:\users\user\appdata\local\temp\nsgf956.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete |
| c:\users\user\appdata\local\temp\nsh5b7d.tmp\installoptions.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsh5b7d.tmp\iospecial.ini | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\nsh5b7d.tmp\iospecial.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsh5b7d.tmp\modern-wizard.bmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsia8a0.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsia8a0.tmp | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nsia8fe.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsia8fe.tmp | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nsia93d.tmp\installoptions.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsia93d.tmp\iospecial.ini | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\nsia93d.tmp\iospecial.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsia93d.tmp\modern-wizard.bmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsked94.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete |
| c:\users\user\appdata\local\temp\nsked95.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsked95.tmp | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nsl4a20.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsl4a20.tmp | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nsl7d89.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete |
| c:\users\user\appdata\local\temp\nsla489.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete |
| c:\users\user\appdata\local\temp\nslbd99.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nslbd99.tmp | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nslf976.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nslf976.tmp | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nsm519e.tmp\installoptions.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsm519e.tmp\iospecial.ini | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\nsm519e.tmp\iospecial.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsm519e.tmp\modern-wizard.bmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsm7287.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsm7287.tmp | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nsm90a0.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete |
| c:\users\user\appdata\local\temp\nsn3b7.tmp\installoptions.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsn3b7.tmp\iospecial.ini | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\nsn3b7.tmp\iospecial.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsn3b7.tmp\modern-wizard.bmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nso567f.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nso567f.tmp | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nsoaa96.tmp\installoptions.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsoaa96.tmp\iospecial.ini | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\nsoaa96.tmp\iospecial.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsoaa96.tmp\modern-wizard.bmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsq1959.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsq1959.tmp | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nsq4f5b.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsq4f5b.tmp | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nsqeeee.tmp\installoptions.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsqeeee.tmp\iospecial.ini | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\nsqeeee.tmp\iospecial.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsqeeee.tmp\modern-wizard.bmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsr24e.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsr24e.tmp | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nsr4b79.tmp\installoptions.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsr4b79.tmp\iospecial.ini | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\nsr4b79.tmp\iospecial.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsr4b79.tmp\modern-wizard.bmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsr7f31.tmp\installoptions.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsr7f31.tmp\iospecial.ini | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\nsr7f31.tmp\iospecial.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsr7f31.tmp\modern-wizard.bmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nss9248.tmp\installoptions.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nss9248.tmp\iospecial.ini | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\nss9248.tmp\iospecial.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nss9248.tmp\modern-wizard.bmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nssa8de.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete |
| c:\users\user\appdata\local\temp\nsw4a10.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete |
| c:\users\user\appdata\local\temp\nsw5a05.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsw5a05.tmp | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nsw7276.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete |
| c:\users\user\appdata\local\temp\nswa640.tmp\installoptions.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nswa640.tmp\iospecial.ini | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\nswa640.tmp\iospecial.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nswa640.tmp\modern-wizard.bmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nswbe27.tmp\installoptions.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nswbe27.tmp\iospecial.ini | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\nswbe27.tmp\iospecial.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nswbe27.tmp\modern-wizard.bmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsx73ff.tmp\installoptions.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsx73ff.tmp\iospecial.ini | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\nsx73ff.tmp\iospecial.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsx73ff.tmp\modern-wizard.bmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsz566f.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete |
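The names in this table (a per-run `ns<letter><hex>.tmp` directory under %TEMP% holding installoptions.dll, iospecial.ini and modern-wizard.bmp) are the standard working files of an NSIS installer using the InstallOptions plugin. The page itself does not name the installer framework, so that identification is the editor's. The Python below is an added example, not code from the page or the vendor; it turns the pattern into a check over file-activity rows in the table's own format, flagging a temp directory only once the full plugin set has been written and separately listing bare `ns*.tmp` files opened with Delete rights. The sample rows are constructed from entries in the table above plus one unrelated path.

```python
import re
from collections import defaultdict

# NSIS unpacks into a per-run "ns<letter><hex>.tmp" directory under %TEMP%; the InstallOptions
# plugin writes iospecial.ini (page definition) and modern-wizard.bmp (wizard bitmap) beside its DLL.
NSIS_TMP = re.compile(r"^(?P<dir>.*\\temp\\ns[a-z][0-9a-f]{2,4}\.tmp)(?:\\(?P<inner>[^\\]+))?$", re.I)
INSTALLOPTIONS_SET = {"installoptions.dll", "iospecial.ini", "modern-wizard.bmp"}

# Constructed from rows of the table above; nsf5901.tmp is deliberately incomplete.
SAMPLE_ROWS = [
    r"| c:\users\user\appdata\local\temp\nsa1948.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete |",
    r"| c:\users\user\appdata\local\temp\nsb7d9a.tmp | Generic Write,Read Attributes |",
    r"| c:\users\user\appdata\local\temp\nsb7d9a.tmp | Synchronize,Write Attributes |",
    r"| c:\users\user\appdata\local\temp\nsbfabf.tmp\installoptions.dll | Generic Write,Read Attributes |",
    r"| c:\users\user\appdata\local\temp\nsbfabf.tmp\iospecial.ini | Generic Read,Write Data,Write Attributes,Write extended,Append data |",
    r"| c:\users\user\appdata\local\temp\nsbfabf.tmp\modern-wizard.bmp | Generic Write,Read Attributes |",
    r"| c:\users\user\appdata\local\temp\nsf5901.tmp\installoptions.dll | Generic Write,Read Attributes |",
    r"| c:\users\user\desktop\notes.txt | Generic Write,Read Attributes |",
]


def parse_event(row: str):
    """One table row, '| path | access rights |' -> (lower-cased path, set of rights), or None."""
    cells = [c.strip() for c in row.strip().strip("|").split("|")]
    if len(cells) != 2 or not cells[0]:
        return None
    path, rights = cells
    return path.lower(), {r.strip() for r in rights.split(",")}


def find_nsis_activity(rows):
    """Return findings: fully populated InstallOptions directories, then bare ns*.tmp files opened with Delete."""
    dropped = defaultdict(set)   # tmp dir -> file names written inside it
    bare = defaultdict(set)      # bare tmp file (no subdir) -> union of rights requested across opens
    for row in rows:
        event = parse_event(row)
        if event is None:
            continue
        path, rights = event
        m = NSIS_TMP.match(path)
        if m is None:
            continue
        if m.group("inner"):
            dropped[m.group("dir")].add(m.group("inner"))
        else:
            bare[m.group("dir")].update(rights)
    findings = []
    for tmp_dir, names in sorted(dropped.items()):
        if INSTALLOPTIONS_SET <= names:      # all three plugin artifacts present, not just one DLL
            findings.append({"kind": "nsis_installoptions_dir", "dir": tmp_dir, "files": sorted(names)})
    staging = sorted(p for p, rights in bare.items() if "Delete" in rights)
    if staging:
        findings.append({"kind": "nsis_tmp_staging", "dir": None, "files": staging})
    return findings


if __name__ == "__main__":
    for finding in find_nsis_activity(SAMPLE_ROWS):
        print(finding["kind"], finding["dir"] or "", ", ".join(finding["files"]))
```

Requiring the complete plugin set keeps a lone `ns*.tmp\something.dll` from firing; legitimate NSIS installers produce exactly the same directories, so this is an enrichment for the triage queue, not a conviction on its own.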
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.
| Category | API |
|---|---|
| Anti Debug | |
| User Data Access | |
| Syscall Use | |
| Process Manipulation Evasion | |
| Process Shell Execute | |
Shell Command Execution
This section lists Windows shell commands that are run by the samples in this family. Windows shell commands are often leveraged by malware for nefarious purposes and can be used to elevate privileges, download and launch other malware, exploit vulnerabilities, collect and exfiltrate data, and hide malicious activity.
- C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\96d7c4463de3bdc9b54918daf203349001254a86_0000369152.,LiQMAxHB
- C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\4062e98720a7af4a4b9a7cd9fd5b529e948f4366_0000369152.,LiQMAxHB
Both commands load the two 369152-byte DLL samples (SHA1 96d7c446... and 4062e987... in the Known Samples table; the file name is the SHA1 followed by the size) through rundll32 and call their export LiQMAxHB. Three details matter for detection: the image that ran is the 32-bit copy in SysWOW64, consistent with the x86 file trait above, even though the supplied command line names system32 (a 32-bit parent's reference to system32 is redirected by WOW64 file system redirection); the module is loaded from the user's Downloads folder and carries no .dll extension; and the trailing "." on the module name is the documented way to stop LoadLibrary from appending ".dll" to an extension-less name.
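The Python below is an added example by the editor, not code from this page or from any vendor tool. It pulls the image, module path and entry point out of a rundll32 command line and scores the signals listed above (SysWOW64 image, non-.dll extension, trailing dot, user-writable location, hash-shaped file name); the rules, the two-signal threshold and the `USER_WRITABLE` path list are the editor's choices. The sample command lines are the two from this section plus a constructed benign control-panel invocation.

```python
import ntpath
import re
import shlex

# Locations a standard user can write to; a module rundll32 loads from here deserves a look.
USER_WRITABLE = re.compile(
    r"\\(users\\[^\\]+\\(downloads|appdata|desktop|documents)|programdata|windows\\temp)\\", re.I)
HASH_NAMED = re.compile(r"[0-9a-f]{32,64}(_\d+)?", re.I)   # md5/sha1/sha256 stem, optional _size suffix

# The two command lines from this section plus a constructed benign one.
SAMPLE_COMMANDS = [
    r"C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\96d7c4463de3bdc9b54918daf203349001254a86_0000369152.,LiQMAxHB",
    r"C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\4062e98720a7af4a4b9a7cd9fd5b529e948f4366_0000369152.,LiQMAxHB",
    r"C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL",
]


def analyze_rundll32(cmdline: str):
    """Split a rundll32 command line into image, module, entry point and warning signals; None if not rundll32."""
    tokens = [t.strip('"') for t in shlex.split(cmdline, posix=False)]   # non-posix keeps backslashes intact
    if not tokens or ntpath.basename(tokens[0]).lower() != "rundll32.exe":
        return None
    image, rest = tokens[0], tokens[1:]
    # Process-creation telemetry often repeats the argv[0] the parent supplied; skip extra rundll32 tokens.
    while rest and ntpath.basename(rest[0]).lower() == "rundll32.exe":
        rest.pop(0)
    if not rest:
        return None
    module, _, entry = rest[0].partition(",")      # rundll32 syntax: <module>,<entrypoint> [args]
    module = module.strip('"')
    if not entry and len(rest) > 1:                # "module.dll, Entry" form with a space after the comma
        entry = rest[1]
    entry = entry.strip()
    stem, ext = ntpath.splitext(ntpath.basename(module))

    signals = []
    if "\\syswow64\\" in image.lower():
        signals.append("32-bit rundll32 (SysWOW64)")
    if ext.lower() != ".dll":
        signals.append(f"module extension is {ext!r}, not .dll")
    if ext == ".":
        signals.append("trailing dot suppresses the .dll suffix LoadLibrary adds to extension-less names")
    if USER_WRITABLE.search(module):
        signals.append("module lives in a user-writable location")
    if HASH_NAMED.fullmatch(stem):
        signals.append("module is named by a hash digest")
    return {"image": image, "module": module, "entry": entry,
            "signals": signals, "suspicious": len(signals) >= 2}


def triage(cmdlines):
    """Return only the rundll32 invocations that tripped at least two signals."""
    results = (analyze_rundll32(c) for c in cmdlines)
    return [r for r in results if r and r["suspicious"]]


if __name__ == "__main__":
    for r in triage(SAMPLE_COMMANDS):
        print(r["module"], "->", r["entry"])
        for s in r["signals"]:
            print("   ", s)
```

The export name is recorded but not scored: a detection keyed on `LiQMAxHB` would only match these two samples, while the combination of a 32-bit rundll32, a module in Downloads and a name with no .dll extension generalises to the next build.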