General
Target: 1375950da71f03040d4043d9d84ac4c9.exe
Size: 2.6MB
Sample: 210720-pzf9j3ad66
MD5: 1375950da71f03040d4043d9d84ac4c9
SHA1: 5f4baed37f6eb23d1b6efbe58ece75030f701a77
SHA256: 635764197d1aff622d35d6b6c44a72c8a09b60a55ca465cef868ba428b30b164
SHA512: 900a66f69a6392e5e73fc52b5ecd5a50559256c8e55dbdeb8ad5634a41774a9745cd07bdcf12ad4c77c39107748fe3ed11c4b27d2c0b518448949ed4e1606ce6
Static task: static1

Behavioral task: behavioral1
Sample: 1375950da71f03040d4043d9d84ac4c9.exe
Resource: win7v20210410

Behavioral task: behavioral2
Sample: 1375950da71f03040d4043d9d84ac4c9.exe
Resource: win10v20210408
Malware Config
Targets
Target: 1375950da71f03040d4043d9d84ac4c9.exe
Score: 8/10

Executes dropped EXE

Loads dropped DLL

Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

Adds Run key to start application

Suspicious use of SetThreadContext

autoit_exe
AutoIT scripts compiled to PE executables.