Overview

overview

8

Static

static

12ce65e1f2...bb.exe

windows7_x64

8

12ce65e1f2...bb.exe

windows10_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    12ce65e1f2d26ed8e7a0eb842d5447bb

  • Size

    3.1MB

  • Sample

    211215-v397laaca5

  • MD5

    12ce65e1f2d26ed8e7a0eb842d5447bb

  • SHA1

    36cbaea66bfc57c159ca3b13e367eb3c1762738c

  • SHA256

    925b7b38868675725656b93e6d7349048a3702fc13b8fd62b305155e332b8980

  • SHA512

    9f941208d0435e5a4f1d2243ac8beab0696e89beb65acda6ba3f3b72a2099f2265d72f4768c7679cbad5f57129b5b1ed7521ea77466e6cb958135fefd4016782

Score
8/10
agilenet

Malware Config

Targets

    • Target

      12ce65e1f2d26ed8e7a0eb842d5447bb

    • Size

      3.1MB

    • MD5

      12ce65e1f2d26ed8e7a0eb842d5447bb

    • SHA1

      36cbaea66bfc57c159ca3b13e367eb3c1762738c

    • SHA256

      925b7b38868675725656b93e6d7349048a3702fc13b8fd62b305155e332b8980

    • SHA512

      9f941208d0435e5a4f1d2243ac8beab0696e89beb65acda6ba3f3b72a2099f2265d72f4768c7679cbad5f57129b5b1ed7521ea77466e6cb958135fefd4016782

    Score
    8/10
    agilenet

    • Executes dropped EXE

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

      agilenet

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks