Overview

overview

7

Static

static

3

2ac3849d58...b8.exe

windows7-x64

2ac3849d58...b8.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2ac3849d585c487a1a690c5a03648d0e4001f895995d1276d03694901b8796b8

  • Size

    748KB

  • Sample

    240501-bp17zsed58

  • MD5

    dd1040a807c879b71eb2031ac22e8e83

  • SHA1

    5b5cdf8ef6224dac045cc34d116a626328c8253f

  • SHA256

    2ac3849d585c487a1a690c5a03648d0e4001f895995d1276d03694901b8796b8

  • SHA512

    25e4f63a371e283d2dc62e6b9d59fd5e461b148f7221c78b7de5200194d2eeb7793e38fd7bb703b85a25435f5ef45f2940850b93692ced38ba073cf220df1723

  • SSDEEP

    12288:QoA/jftVfrDj1tnT7JIB+DTVYMtInIuv+ISCNLc05EKN7qmcCEMd9s3J5a87:QoMff3nTbDBtGIumISWc059+mcC87

Score
7/10
agilenet

Malware Config

Targets

    • Target

      2ac3849d585c487a1a690c5a03648d0e4001f895995d1276d03694901b8796b8

    • Size

      748KB

    • MD5

      dd1040a807c879b71eb2031ac22e8e83

    • SHA1

      5b5cdf8ef6224dac045cc34d116a626328c8253f

    • SHA256

      2ac3849d585c487a1a690c5a03648d0e4001f895995d1276d03694901b8796b8

    • SHA512

      25e4f63a371e283d2dc62e6b9d59fd5e461b148f7221c78b7de5200194d2eeb7793e38fd7bb703b85a25435f5ef45f2940850b93692ced38ba073cf220df1723

    • SSDEEP

      12288:QoA/jftVfrDj1tnT7JIB+DTVYMtInIuv+ISCNLc05EKN7qmcCEMd9s3J5a87:QoMff3nTbDBtGIumISWc059+mcC87

    Score
    7/10
    agilenet

    • Deletes itself

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

      agilenet

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Remote System Discovery

1
T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks