Overview

overview

8

Static

static

3

osurx.exe

windows11-21h2-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    osurx.exe

  • Size

    20.1MB

  • Sample

    240505-yvpsgace7y

  • MD5

    3fcb67a0a6291be47899d929876320bf

  • SHA1

    2210fc1708fe193911b80a469813effeeaf76203

  • SHA256

    adc1bbfadcc79258c378134dc9f3fb65366df6d7bc81a3e1fe79d3d9d57cdab4

  • SHA512

    9ba51e490f7bfd32f4edc5ee7ce10abf1d22f4914b64cff8bef22dd9513ada0c5a3c901c94548f24fb812a2d522ad4fda7dab0220d64296587985080fa1f8674

  • SSDEEP

    393216:KWMzd6T5VDF/mshj0Ob93ZWXqa7V4LCHmr7crNMj:KWMh+5VB/mshHb93ZgR4L0eOMj

Score
8/10
agilenet

Malware Config

Targets

    • Target

      osurx.exe

    • Size

      20.1MB

    • MD5

      3fcb67a0a6291be47899d929876320bf

    • SHA1

      2210fc1708fe193911b80a469813effeeaf76203

    • SHA256

      adc1bbfadcc79258c378134dc9f3fb65366df6d7bc81a3e1fe79d3d9d57cdab4

    • SHA512

      9ba51e490f7bfd32f4edc5ee7ce10abf1d22f4914b64cff8bef22dd9513ada0c5a3c901c94548f24fb812a2d522ad4fda7dab0220d64296587985080fa1f8674

    • SSDEEP

      393216:KWMzd6T5VDF/mshj0Ob93ZWXqa7V4LCHmr7crNMj:KWMh+5VB/mshHb93ZgR4L0eOMj

    Score
    8/10
    agilenet

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

      agilenet

    • Drops desktop.ini file(s)

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2
T1082

Query Registry

2
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks