Overview

overview

7

Static

static

1

jhdeybuop51p.js

windows11-21h2-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    jhdeybuop51p

  • Size

    53KB

  • Sample

    240509-nax81ahb52

  • MD5

    a16681f0b505d8d00bbe5c0071da45e4

  • SHA1

    535486e011378130e98b86e3c016dd9dca80193a

  • SHA256

    aab6dfdcdba69948a34a44feb9d4b3314b13235185f7d98d78801ad4b382c285

  • SHA512

    90f764ab4f85ad6e965ba57452516fe2341c5bbc6016e390e24fb1406a3c6f39f547104da9fdd689205a510007a140ea301fee9c5aa073ca5059e52802b0259a

  • SSDEEP

    768:EdhsXLxTcdCbd8ylh9fTyfZxMFqAUegim:Edhs24bd8ylh9fTyfZxMFqAUegim

Score
7/10
agilenetexecution

Malware Config

Targets

    • Target

      jhdeybuop51p

    • Size

      53KB

    • MD5

      a16681f0b505d8d00bbe5c0071da45e4

    • SHA1

      535486e011378130e98b86e3c016dd9dca80193a

    • SHA256

      aab6dfdcdba69948a34a44feb9d4b3314b13235185f7d98d78801ad4b382c285

    • SHA512

      90f764ab4f85ad6e965ba57452516fe2341c5bbc6016e390e24fb1406a3c6f39f547104da9fdd689205a510007a140ea301fee9c5aa073ca5059e52802b0259a

    • SSDEEP

      768:EdhsXLxTcdCbd8ylh9fTyfZxMFqAUegim:Edhs24bd8ylh9fTyfZxMFqAUegim

    Score
    7/10
    agilenetexecution

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

      agilenet

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

JavaScript

1
T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Resource Development

Reconnaissance

Tasks