Overview

overview

7

Static

static

3

cryptolaemus

windows10-2004-x64

7

cryptolaemus

windows11-21h2-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    aae9e126f03798f15445e8f308bbf43e9bda6a9e1ffaa9fe2dfd75eb65fef74c

  • Size

    26KB

  • Sample

    240513-h1kspseg64

  • MD5

    1f90151f3470f316a645a6617534a0be

  • SHA1

    80dd3641418ff22c353b2d1f0f4c86990cfdaee1

  • SHA256

    aae9e126f03798f15445e8f308bbf43e9bda6a9e1ffaa9fe2dfd75eb65fef74c

  • SHA512

    5609219d6a7ece553032589d9765e7fcf394253fa4df5d64539e231a4350bf9c8b3bfd2ec5ca1904a6584b793f3a174353261e23983f7ac428b7957379eccbcf

  • SSDEEP

    384:YJwutFK4KLt/WFg46SL4E3y3jBPc3jrUGjC/8wLSV6f3pRLXjjF:kFK4ueF/xAWj4YCEUSK9jjF

Score
7/10
agilenetexecution

Malware Config

Targets

    • Target

      aae9e126f03798f15445e8f308bbf43e9bda6a9e1ffaa9fe2dfd75eb65fef74c

    • Size

      26KB

    • MD5

      1f90151f3470f316a645a6617534a0be

    • SHA1

      80dd3641418ff22c353b2d1f0f4c86990cfdaee1

    • SHA256

      aae9e126f03798f15445e8f308bbf43e9bda6a9e1ffaa9fe2dfd75eb65fef74c

    • SHA512

      5609219d6a7ece553032589d9765e7fcf394253fa4df5d64539e231a4350bf9c8b3bfd2ec5ca1904a6584b793f3a174353261e23983f7ac428b7957379eccbcf

    • SSDEEP

      384:YJwutFK4KLt/WFg46SL4E3y3jBPc3jrUGjC/8wLSV6f3pRLXjjF:kFK4ueF/xAWj4YCEUSK9jjF

    Score
    7/10
    agilenetexecution

    • Drops startup file

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

      agilenet

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

PowerShell

1
T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks