Overview

overview

8

Static

static

1

Lithium_SS...xe.url

windows7-x64

8

Lithium_SS...xe.url

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Lithium_SS_Tool.exe.url

  • Size

    123B

  • Sample

    230225-de3n6sbh53

  • MD5

    75892c189979339b6ad016b440f4c3e5

  • SHA1

    3cda0f4bf4d1c06e475a850635aa7590283d9623

  • SHA256

    322bafdb9119a0cbfd1dd84675bc6780c63f07c2c52040fc24fe7943cae3def4

  • SHA512

    b52dc1fb15d2bf28b8d9593883b28c3fdaaf1bbc7d04f6458a5faa23307bf29187e1680bdd4cc19fe425eda678270231600fbc87088224abbfdd0edd6d2595cf

Score
8/10
agilenetevasiontrojan

Malware Config

Targets

    • Target

      Lithium_SS_Tool.exe.url

    • Size

      123B

    • MD5

      75892c189979339b6ad016b440f4c3e5

    • SHA1

      3cda0f4bf4d1c06e475a850635aa7590283d9623

    • SHA256

      322bafdb9119a0cbfd1dd84675bc6780c63f07c2c52040fc24fe7943cae3def4

    • SHA512

      b52dc1fb15d2bf28b8d9593883b28c3fdaaf1bbc7d04f6458a5faa23307bf29187e1680bdd4cc19fe425eda678270231600fbc87088224abbfdd0edd6d2595cf

    Score
    8/10
    agilenetevasiontrojan

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

      agilenet

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

3
T1112

Install Root Certificate

1
T1130

Credential Access

Discovery

System Information Discovery

3
T1082

Query Registry

2
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks