Resubmissions

  • 11-05-2023 12:47  230511-pz7z6sfb7y  8
  • 11-05-2023 12:43  230511-pxwjcsfb61  8
  • 11-05-2023 12:38  230511-pvestsdc88  8
  • 11-05-2023 12:35  230511-psfbksdc79  8
  • 11-05-2023 12:33  230511-pq9seadc74  10
  • 11-05-2023 12:30  230511-ppvl4adc65  8

General

  • Target

    deepfried_1683726685540.jpg

  • Size

    10KB

  • Sample

    230511-pz7z6sfb7y

  • MD5

    b49fe89eedd01c5c4998902c6a988e2c

  • SHA1

    c0310946c0ad9346486a6c0eb33a8c73dfa63c01

  • SHA256

    a3ffa79c869650912659492f9867039d4dc1710189a6916537d6f3419b8587b3

  • SHA512

    c7ea36bbccfc5a13117a76de2d8e033e95fec1a40505fb7d6fd0f33d9072e2e30c74e4e0a44c4ba86d2c701ca354cb55d773f4288f5a1d6a67c9655a82b8e6d4

  • SSDEEP

    192:9wyPjC/uFQy+nge+8HYPk45bf/l1YuK3VGbiioi4xcagXJd8KiV:9wbuFz6PV4PNbDYu+VGxoi+g5LiV

Score
8/10

Malware Config

Targets

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Drops Chrome extension

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Matrix ATT&CK v6

  • Discovery

    System Information Discovery (T1082): 2
    Query Registry (T1012): 1

  • Command and Control

    Web Service (T1102): 1
