111a8502e03046675c3b498685dc3f3434770f71361710218d50f525285298c7 | Triage

Submit
Reports

Overview

overview

Static

static

KAZGLDK7.exe

windows7_x64

KAZGLDK7.exe

windows10-2004_x64

8

Sharing

General

Target

111a8502e03046675c3b498685dc3f3434770f71361710218d50f525285298c7
Size

1.3MB
Sample

220521-d1lmsabfdn
MD5

e90d65bc6ff3fecaf4fb0f13526f02d6
SHA1

9d74b43dab9f0ef299a7a1c3d3739a06ddbf9fc3
SHA256

111a8502e03046675c3b498685dc3f3434770f71361710218d50f525285298c7
SHA512

d4a72d8059f2aa5b016361c1834c67b157b821a07913e8f72530c87f1af4f6beea9bc909b472ecc136c1f0f387168abea50af25b627f564c7f96c7121d020562

Score

10^/10

agilenet coreentity persistence rezer0

Static task

static1

Behavioral task

behavioral1

Sample

KAZGLDK7.exe

Resource

win7-20220414-en

agilenet coreentity rezer0

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

KAZGLDK7.exe

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  KAZGLDK7.EXE
- Size
  
  796KB
- MD5
  
  8776bc582b394da008bf1838d5a12239
- SHA1
  
  527a52018952885beb39b5c5e1e35dff17b086d3
- SHA256
  
  d80a482a5bff3bb4d0e6263d75c7eebf295d9027a1319a1c60100e2ec6ed2433
- SHA512
  
  6bf4f3815124545e4b7ab65b146a0f0351d3a2cd7fb63448249f346f392da5d15b48ce8fbee1920d532707171d17a73af3029b03439dbc28295713212ad8d96e
Score

10^/10

agilenet coreentity rezer0 persistence
- CoreEntity .NET Packer
  A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
  coreentity
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Executes dropped EXE
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agilenetcoreentityrezer0

behavioral2

© 2018-2024

Terms | Privacy