Overview

overview

7

Static

static

1

EzyJec.exe

windows7-x64

7

EzyJec.exe

windows10-2004-x64

6

Sharing

Copy URL
Twitter E-mail

General

  • Target

    EzyJec.exe

  • Size

    3.6MB

  • Sample

    230307-qyvtwshf31

  • MD5

    b7079e5c05bbd6a8539646da78f0b49a

  • SHA1

    6d9b8490ffd8346f1f60fce239b59f3fde64368d

  • SHA256

    aed71f9bfc1fd0d950f0300f000ed7cf16cc1672b1843c636d7ce064086199c1

  • SHA512

    6268e96e27bf300cd5433b1ae8305596f8721f7b2c438de7fa4762393e9037c46d151a22da5ef2e5b86368eb93673612b4d192ef5e88514bb82b8c30cf154919

  • SSDEEP

    98304:CCvE/t7ZCWqrxToDqvXGr1e+Q1mp9SLq7zXb8P:CJ/tVrMt4qerc+ICwWPXY

Score
7/10
agilenetpersistence

Malware Config

Targets

    • Target

      EzyJec.exe

    • Size

      3.6MB

    • MD5

      b7079e5c05bbd6a8539646da78f0b49a

    • SHA1

      6d9b8490ffd8346f1f60fce239b59f3fde64368d

    • SHA256

      aed71f9bfc1fd0d950f0300f000ed7cf16cc1672b1843c636d7ce064086199c1

    • SHA512

      6268e96e27bf300cd5433b1ae8305596f8721f7b2c438de7fa4762393e9037c46d151a22da5ef2e5b86368eb93673612b4d192ef5e88514bb82b8c30cf154919

    • SSDEEP

      98304:CCvE/t7ZCWqrxToDqvXGr1e+Q1mp9SLq7zXb8P:CJ/tVrMt4qerc+ICwWPXY

    Score
    7/10
    agilenetpersistence

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

      agilenet

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

2
T1082

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks