Overview

overview

9

Static

static

7

Final_Exo.exe

windows7-x64

9

Final_Exo.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Final_Exo.exe

  • Size

    11.6MB

  • Sample

    240422-1q75csgh34

  • MD5

    95ca9ea4df718e942a9469809d4d3f0c

  • SHA1

    3b10fcdad8200b06a819cce0ef2927e8ac2b41e4

  • SHA256

    2bde57f6947faaf82ac15c44168284560b7b0f4178a17aaeb6ff7347528127eb

  • SHA512

    085d634494aae323d7a632659aea6b4e61a77e7b5e960d7654b6e8dc1c32e9e2cac6c89535844b8011e3e1a5e5a027312eff03698226c2a206d436bcaa7e1cad

  • SSDEEP

    196608:K2GXWNwlpIKEmpYg0nSKOfF8UNQfjzWdRlASRXUGTgT1LglvZkgrc:KFMdSQnSzmUNSjzlSRFKglhkgI

Score
9/10
agilenetevasion

Malware Config

Targets

    • Target

      Final_Exo.exe

    • Size

      11.6MB

    • MD5

      95ca9ea4df718e942a9469809d4d3f0c

    • SHA1

      3b10fcdad8200b06a819cce0ef2927e8ac2b41e4

    • SHA256

      2bde57f6947faaf82ac15c44168284560b7b0f4178a17aaeb6ff7347528127eb

    • SHA512

      085d634494aae323d7a632659aea6b4e61a77e7b5e960d7654b6e8dc1c32e9e2cac6c89535844b8011e3e1a5e5a027312eff03698226c2a206d436bcaa7e1cad

    • SSDEEP

      196608:K2GXWNwlpIKEmpYg0nSKOfF8UNQfjzWdRlASRXUGTgT1LglvZkgrc:KFMdSQnSzmUNSjzlSRFKglhkgI

    Score
    9/10
    agilenetevasion

    • Looks for VirtualBox Guest Additions in registry

      evasion

    • Looks for VMWare Tools registry key

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

      agilenet

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

2
T1497

Credential Access

Discovery

Query Registry

4
T1012

Virtualization/Sandbox Evasion

2
T1497

System Information Discovery

2
T1082

Peripheral Device Discovery

1
T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks