Overview

overview

8

Static

static

7

16d6e1a984...ee.exe

windows7-x64

8

16d6e1a984...ee.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9a450a05657ce80e73171556154adb60.bin

  • Size

    453KB

  • Sample

    230507-b8yafaah85

  • MD5

    229d6dc23378a805c542796ad4459134

  • SHA1

    1b2186412ceeb1832345e9ab90b62d251901d8dc

  • SHA256

    3b7abe05516dd3ff792736bc8a14685ea14e6cb3711a1df4dfc415ed01b9b042

  • SHA512

    ac4c6e2327d4f7beb572e73c9107c72bf6b204cd3d63e41fc1bff5197b4ed611a4a7d50631710168aa6837972b8fcc530be0817393da3c902adf2184eef71b4e

  • SSDEEP

    12288:nWoLL6kgtgwew27nRNvCrRypwLwRSKH0EH2AQr5mRENaljH:bL6YrDja10wnUd2jVmYaRH

Score
8/10
agilenetevasionpersistence

Malware Config

Targets

    • Target

      16d6e1a9844554861f37ac46f86fd1ef618aa56282d83f768c47e1c191dd75ee.exe

    • Size

      744KB

    • MD5

      9a450a05657ce80e73171556154adb60

    • SHA1

      9db02ebf6b851397ab6d43d4c79d3785987a56b1

    • SHA256

      16d6e1a9844554861f37ac46f86fd1ef618aa56282d83f768c47e1c191dd75ee

    • SHA512

      c75444be53b8b55d6634ed8c632b78b523bff5b0ad1eb9171fce65778c6444a7728c11b4137bb397a75f0df635d80083aea380d9708b04a5bf97d0c40965f208

    • SSDEEP

      12288:prBjpOUREzLw2f1WrG8HXXQGa3INlTVlRGvk4qOV7l:prBj0+EzLwW1T8HQ93IlTtO

    Score
    8/10
    agilenetevasionpersistence

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

      agilenet

    • Adds Run key to start application

      persistence

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks