Overview

overview

8

Static

static

Inv_36571_...td.exe

windows7_x64

8

Inv_36571_...td.exe

windows10_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Inv_36571_VIC_Pty_Ltd.arj.arj

  • Size

    362KB

  • Sample

    210408-7nrfwm18xx

  • MD5

    152655e4278176eb7e80373c92452584

  • SHA1

    0ce7df22f07c014427ba78a598509da1ff50e8dd

  • SHA256

    26f59408ce806ef0d84a40355181e1ba65cf8c49acf413e350527841f5e7924e

  • SHA512

    872bca5e730f394975ba83ad51d2082af8e1e31dfeeb634fda921c7b69827731fe066689c45d8e8e787846491a8c919b1d678791a194557e46fa3e6ac1653ea2

Score
8/10
agilenetpersistence

Malware Config

Targets

    • Target

      Inv_36571_VIC_Pty_Ltd.exe

    • Size

      580KB

    • MD5

      5b1363c3b88bd52a0f4044b51c0791d8

    • SHA1

      3b1b46eb883c1b79e403e12c3157b6423f13af07

    • SHA256

      04b5f5af6b41722e400498a6540445cfcc1c056b328401eb662fb4d29ee02a5d

    • SHA512

      1370e1814663c433cb6c8b69b382e6ac1da1b55ca56aed1b9575d19957b32bd5d2b7835cbf6105e4ec8f2a8acd335dcea0697db123068c7e635b35a087117bd0

    Score
    8/10
    agilenetpersistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

      agilenet

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks