Overview

overview

7

Static

static

bfca5d2ddd...24.exe

windows7_x64

7

bfca5d2ddd...24.exe

windows10_x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bfca5d2ddd8840dc1f6c49309bbe1924.exe

  • Size

    1.1MB

  • Sample

    210412-x73cksy4xx

  • MD5

    bfca5d2ddd8840dc1f6c49309bbe1924

  • SHA1

    b0f0462dfa8fd68617a7e458f9f24586177b3ed2

  • SHA256

    ef1bc7566ce113d6af42b9eecc63f0b69b3eeebcc2896d63bf948be6c295dc3a

  • SHA512

    8c54c8a7a37c637dc6bde8603433b5da536a796aaccc19e22c1e781a9907e6d891b49bbf051837719ca582f3f1e154851ab82d1a53eb47ab2a882caf3c14dda7

Score
7/10
agilenetspyware

Malware Config

Targets

    • Target

      bfca5d2ddd8840dc1f6c49309bbe1924.exe

    • Size

      1.1MB

    • MD5

      bfca5d2ddd8840dc1f6c49309bbe1924

    • SHA1

      b0f0462dfa8fd68617a7e458f9f24586177b3ed2

    • SHA256

      ef1bc7566ce113d6af42b9eecc63f0b69b3eeebcc2896d63bf948be6c295dc3a

    • SHA512

      8c54c8a7a37c637dc6bde8603433b5da536a796aaccc19e22c1e781a9907e6d891b49bbf051837719ca582f3f1e154851ab82d1a53eb47ab2a882caf3c14dda7

    Score
    7/10
    agilenetspyware

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

      agilenet

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks