oblique | 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e | Triage

Submit
Reports

Overview

overview

Static

static

0283c0f023...5e.exe

windows7_x64

0283c0f023...5e.exe

windows10_x64

Sharing

General

Target

0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e
Size

5.4MB
Sample

200828-hkf3ryzkl6
MD5

d7d6889bfa96724f7b3f951bc06e8c02
SHA1

a897f6fb6fff70c71b224caea80846bcd264cf1e
SHA256

0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e
SHA512

0aabb090791d8b7c5af273793d61bc7ef164343d027e12b58faec66dbdddb724f58b267a423088ce06c52420af80ffe276b448cd3844fee4f929a98b0f64ae75

Score

10^/10

oblique persistence spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e.exe

Resource

win7

persistence trojan oblique spyware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e.exe

Resource

win10v200722

spyware persistence trojan oblique

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e
- Size
  
  5.4MB
- MD5
  
  d7d6889bfa96724f7b3f951bc06e8c02
- SHA1
  
  a897f6fb6fff70c71b224caea80846bcd264cf1e
- SHA256
  
  0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e
- SHA512
  
  0aabb090791d8b7c5af273793d61bc7ef164343d027e12b58faec66dbdddb724f58b267a423088ce06c52420af80ffe276b448cd3844fee4f929a98b0f64ae75
Score

10^/10

persistence trojan oblique spyware
- Modifies system executable filetype association
  persistence
- ObliqueRAT
  Remote Access Trojan discovered in early 2020.
  trojan oblique
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- JavaScript code in executable
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Change Default File Association

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencetrojanobliquespyware

behavioral2

spywarepersistencetrojanoblique

© 2018-2024

Terms | Privacy