General

  • Target

    Dork_Searcher_v3.zip

  • Size

    64.8MB

  • Sample

    230806-1w72jscd99

  • MD5

    b8b87ac35382afeea0a3d998276924cb

  • SHA1

    ae77d0fb6fd3d74890c7530e473e1336345af278

  • SHA256

    d75f121a4a8febece59348b4e60a7eae1206931b6c1a39e0163cc1fbab65980e

  • SHA512

    53bfbcb7c19a1fa33be4e27d14207f8ca97d26e8d83fed748137a2496066339e470ec89929eedcc1679efd2cb8930373fc3cdcec99a0a42c7b45ff455fb10f62

  • SSDEEP

    1572864:dqPPxdoKCV/HgIdNjZ3rdjjsp4UOn7CirarON7DBVb:UPP8KCVfgEB19fdrarORDBVb

Score
7/10

Targets

    • Target

      Dork_Searcher_v3.zip

    • Executes dropped EXE

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Adds Run key to start application

    • Drops desktop.ini file(s)
