Overview

overview

7

Static

static

3

1058352281.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1058352281.exe

  • Size

    7.5MB

  • Sample

    240521-vgr4wscc68

  • MD5

    08db896a19a103730f5d4d9b495c1e87

  • SHA1

    c1ff39e34372970533ecfff4444ddf43f37069ae

  • SHA256

    147526e215dce704e9a70ba57ec84ec593204c8427565c2848249b8a3ff8a208

  • SHA512

    e5f82b1091786c5d03144202cc1efc56f3c1830c495d0d6c548b06acda20661af70f7413ed406e0c8a068df155adc761e8f9911e575a6d0d609ede539809d9eb

  • SSDEEP

    196608:MBXXgnjUvJUivBeENSHgBdbWts3KPgyt3WxS:oXXxZkExj3KPgeh

Score
7/10
agilenet

Malware Config

Targets

    • Target

      1058352281.exe

    • Size

      7.5MB

    • MD5

      08db896a19a103730f5d4d9b495c1e87

    • SHA1

      c1ff39e34372970533ecfff4444ddf43f37069ae

    • SHA256

      147526e215dce704e9a70ba57ec84ec593204c8427565c2848249b8a3ff8a208

    • SHA512

      e5f82b1091786c5d03144202cc1efc56f3c1830c495d0d6c548b06acda20661af70f7413ed406e0c8a068df155adc761e8f9911e575a6d0d609ede539809d9eb

    • SSDEEP

      196608:MBXXgnjUvJUivBeENSHgBdbWts3KPgyt3WxS:oXXxZkExj3KPgeh

    Score
    7/10
    agilenet

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

      agilenet

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

3
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks