General
-
Target
HEUR-Trojan-PSW.MSIL.Agensla.gen-871acce97791.exe
-
Size
640KB
-
Sample
230201-ttm52aaf82
-
MD5
41ce5abc5e9571290d551fc1782f5e99
-
SHA1
04aab81fa54ba42e579463d6745122d4a9ee49c4
-
SHA256
871acce977914861a1950cba15794da45a72695d77c4e5b2566daae8b5ac6b2c
-
SHA512
246de43e1e95a9b9558ae1898cbfc9702d93e9e447663a783ac5131f2302a4b2ec49ed92558afb4772337abfebf497d74402c41749337fb03cae36a401f96fab
-
SSDEEP
12288:u29PU9aPU9y07amHSIvOsBgo0q4wMczal6NBeTsNC8/i9YuJBp9sbX82UfMoTTWj:u2ZIvOsBgo0q4wMHl9szuB+baxg
Static task
static1
Behavioral task
behavioral1
Sample
HEUR-Trojan-PSW.MSIL.Agensla.gen-871acce97791.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
HEUR-Trojan-PSW.MSIL.Agensla.gen-871acce97791.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
lokibot
http://185.227.139.18/dsaicosaicasdi.php/bI7xvNbnxScDp
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
HEUR-Trojan-PSW.MSIL.Agensla.gen-871acce97791.exe
-
Size
640KB
-
MD5
41ce5abc5e9571290d551fc1782f5e99
-
SHA1
04aab81fa54ba42e579463d6745122d4a9ee49c4
-
SHA256
871acce977914861a1950cba15794da45a72695d77c4e5b2566daae8b5ac6b2c
-
SHA512
246de43e1e95a9b9558ae1898cbfc9702d93e9e447663a783ac5131f2302a4b2ec49ed92558afb4772337abfebf497d74402c41749337fb03cae36a401f96fab
-
SSDEEP
12288:u29PU9aPU9y07amHSIvOsBgo0q4wMczal6NBeTsNC8/i9YuJBp9sbX82UfMoTTWj:u2ZIvOsBgo0q4wMHl9szuB+baxg
Score10/10-
CustAttr .NET packer
Detects CustAttr .NET packer in memory.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation