Overview

overview

7

Static

static

1796838d57...f7.exe

windows7_x64

7

1796838d57...f7.exe

windows10_x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1796838d573e7ad485ba1f0e65303bf7.exe

  • Size

    2.4MB

  • Sample

    210723-rgk8s2vzcx

  • MD5

    1796838d573e7ad485ba1f0e65303bf7

  • SHA1

    ac213fe761b4755bf5ba97dac99e1bde6a067379

  • SHA256

    cc773fa6caca8fd14bc2b054038dcaa627496f233e31c9b51ddc0d7e51d1a79b

  • SHA512

    f69c929eaa419f935ff5fe5b296e4177921b5bf6d88e53ac86daaf10cd6ff65ce13fbfb2ae1f642dfa94f2b90246e18982f4661b099dd1dbf2485c5cdcc01831

Score
7/10
agilenet

Malware Config

Targets

    • Target

      1796838d573e7ad485ba1f0e65303bf7.exe

    • Size

      2.4MB

    • MD5

      1796838d573e7ad485ba1f0e65303bf7

    • SHA1

      ac213fe761b4755bf5ba97dac99e1bde6a067379

    • SHA256

      cc773fa6caca8fd14bc2b054038dcaa627496f233e31c9b51ddc0d7e51d1a79b

    • SHA512

      f69c929eaa419f935ff5fe5b296e4177921b5bf6d88e53ac86daaf10cd6ff65ce13fbfb2ae1f642dfa94f2b90246e18982f4661b099dd1dbf2485c5cdcc01831

    Score
    7/10
    agilenet

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

      agilenet

    • Suspicious use of SetThreadContext

    • autoit_exe

      AutoIT scripts compiled to PE executables.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Install Root Certificate

1
T1130

Credential Access

Discovery

System Information Discovery

3
T1082

Query Registry

2
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks