Overview

overview

8

Static

static

7

3ff8bf17e5...d4.exe

windows7_x64

8

3ff8bf17e5...d4.exe

windows10_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3ff8bf17e5513081c9cdd5d9f6aad3d4

  • Size

    65KB

  • Sample

    210926-srxq1sfag4

  • MD5

    3ff8bf17e5513081c9cdd5d9f6aad3d4

  • SHA1

    000ee99892ed87c213054cd28e58beeda9e45c5e

  • SHA256

    2504393cecf6bf06ebb2070f21c5c3113e41f92f82d6635d2601f3aa29728183

  • SHA512

    8d1686834da1be662650482d4a6eb211de97f4c131786313255ef2a92757b84c65754de44b7a065c45aaf06a99c942b509a593a3442b8009cf5291fca6014499

Score
8/10
agilenet

Malware Config

Targets

    • Target

      3ff8bf17e5513081c9cdd5d9f6aad3d4

    • Size

      65KB

    • MD5

      3ff8bf17e5513081c9cdd5d9f6aad3d4

    • SHA1

      000ee99892ed87c213054cd28e58beeda9e45c5e

    • SHA256

      2504393cecf6bf06ebb2070f21c5c3113e41f92f82d6635d2601f3aa29728183

    • SHA512

      8d1686834da1be662650482d4a6eb211de97f4c131786313255ef2a92757b84c65754de44b7a065c45aaf06a99c942b509a593a3442b8009cf5291fca6014499

    Score
    8/10
    agilenet

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

      agilenet
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks