Overview

overview

10

Static

static

7ddf1c0004...7c.exe

windows7_x64

7

7ddf1c0004...7c.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7ddf1c0004d5cb08afdb7a4ad2198232c584ee7c.zip

  • Size

    863KB

  • Sample

    210416-84ps4ztv8s

  • MD5

    febbc85bbeecb2e4c097fa47f7a038b6

  • SHA1

    452a1dab08e83f43a7507bc408d6b82584a38b27

  • SHA256

    a9f6ef13af75a45e21a84953e3ad505fc5f5bcd0d126ed5f8cb2bbccc5e698c1

  • SHA512

    ef85d02e57793c7aa4f9200912d884b4481385250b22a89900e4f51c60ca2d259cdc3206892661cdddfa4df4d5f423fa5928cd65c0b7ee3e30a913f36f24ea87

Score
10/10
agilenet

Malware Config

Targets

    • Target

      7ddf1c0004d5cb08afdb7a4ad2198232c584ee7c

    • Size

      1.4MB

    • MD5

      2cb8100f3ebd38a989dc97a960b86aa4

    • SHA1

      7ddf1c0004d5cb08afdb7a4ad2198232c584ee7c

    • SHA256

      1969a9dbc990ec8d4c4c9b8133a7a7ec4651f2e5af0bc1da9e6973a22f34aad3

    • SHA512

      2bde24565262adf6a990d09dd5d25acc4fcefb94d65cfd05d49dcf6f8daf2b7ec784cb55b0f146887e52d2c3121c2f97f01571de2cbf3a675fca9b745e168a0c

    Score
    10/10
    agilenet

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

      agilenet

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks