General

  • Target

    de4dot v3.1.41592 Installer.exe

  • Size

    4.0MB

  • Sample

    230804-1xzrkaef23

  • MD5

    81e3a66aff6ee2dabe63a489975664bb

  • SHA1

    5b57b97fef7b9261022d2f6d788ad09711c984a6

  • SHA256

    c5779b8c4b5b5e91770931b82cbf30255ce5d3645f715f11d13caab40be3ae2d

  • SHA512

    d8f2be31b2119503771fc2af5bf38d50b256621a8643acff019a47b5df088f2765b8645912925d3324a279f63884b54d3813ac05398023104ef5b9bb7fa51ad5

  • SSDEEP

    98304:CTcOeIdcUP6wN9i5PB8ifig4QuPf1Kv8OcQSEKnyEfj6QEJd4D:CceQ5JbirQuPU+EKnbAaD

Score
7/10

Malware Config

Targets

    • Target

      de4dot v3.1.41592 Installer.exe

    • Size

      4.0MB

    • MD5

      81e3a66aff6ee2dabe63a489975664bb

    • SHA1

      5b57b97fef7b9261022d2f6d788ad09711c984a6

    • SHA256

      c5779b8c4b5b5e91770931b82cbf30255ce5d3645f715f11d13caab40be3ae2d

    • SHA512

      d8f2be31b2119503771fc2af5bf38d50b256621a8643acff019a47b5df088f2765b8645912925d3324a279f63884b54d3813ac05398023104ef5b9bb7fa51ad5

    • SSDEEP

      98304:CTcOeIdcUP6wN9i5PB8ifig4QuPf1Kv8OcQSEKnyEfj6QEJd4D:CceQ5JbirQuPU+EKnbAaD

    Score
    7/10
    • Loads dropped DLL

    • Modifies system executable filetype association

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks