Inv_36571_VIC_Pty_Ltd.exe

General

Target: Inv_36571_VIC_Pty_Ltd.exe
Size: 580KB
Sample: 210408-16xha6y766
Score: 8/10
MD5: 5b1363c3b88bd52a0f4044b51c0791d8
SHA1: 3b1b46eb883c1b79e403e12c3157b6423f13af07
SHA256: 04b5f5af6b41722e400498a6540445cfcc1c056b328401eb662fb4d29ee02a5d
SHA512: 1370e1814663c433cb6c8b69b382e6ac1da1b55ca56aed1b9575d19957b32bd5d2b7835cbf6105e4ec8f2a8acd335dcea0697db123068c7e635b35a087117bd0

Malware Config
Signatures

  • Executes dropped EXE

  • Loads dropped DLL

  • Obfuscated with Agile.Net obfuscator

    Description: Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

  • Adds Run key to start application

    TTPs: Registry Run Keys / Startup Folder, Modify Registry

MITRE ATT&CK Matrix
Tactics: Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation

Tasks

static1
behavioral1: 8/10
behavioral2: 8/10