Overview

overview

7

Static

static

3

cyxum.exe

windows7-x64

7

cyxum.exe

windows10-2004-x64

6

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cyxum.exe

  • Size

    1.1MB

  • Sample

    230527-qdacfsbh76

  • MD5

    394c60237c9e91bf7efc4832424ef51e

  • SHA1

    a176bfac5c7c3c51075a54ee852a10c560e922dc

  • SHA256

    fae2d370a412eacf6f1e7ab76a43f1c8bfba253a5b6630322aaecca9978ed957

  • SHA512

    e5f25f03ffe24d12ca1b390833996a2f36c4c57455f42fff9e8a0a27e2841c4e5c20b32c6860324d414e6fee2c9de69a4ed7d7780eaa9ee8302ddc9d3dd7c25c

  • SSDEEP

    24576:Us/3O8IbK5HdekH+lTZeO8uTRzKJeLjEeJtIVw/5zJx7K3BUUu:V/3O8XdekHkTZBRzK2jEcIu/NDK3Bc

Score
7/10
agilenet

Malware Config

Targets

    • Target

      cyxum.exe

    • Size

      1.1MB

    • MD5

      394c60237c9e91bf7efc4832424ef51e

    • SHA1

      a176bfac5c7c3c51075a54ee852a10c560e922dc

    • SHA256

      fae2d370a412eacf6f1e7ab76a43f1c8bfba253a5b6630322aaecca9978ed957

    • SHA512

      e5f25f03ffe24d12ca1b390833996a2f36c4c57455f42fff9e8a0a27e2841c4e5c20b32c6860324d414e6fee2c9de69a4ed7d7780eaa9ee8302ddc9d3dd7c25c

    • SSDEEP

      24576:Us/3O8IbK5HdekH+lTZeO8uTRzKJeLjEeJtIVw/5zJx7K3BUUu:V/3O8XdekHkTZBRzK2jEcIu/NDK3Bc

    Score
    7/10
    agilenet

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

      agilenet

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks