ed9b31af8f11fc7183f50df0dd71619bc24f0c08e16bfa58f5d81e9b7bc05ae3 | Triage

Sharing

General

Target

a8e014703f2c72a5eb21794957577bbd_JaffaCakes118
Size

237KB
Sample

240614-k2hqvaxenl
MD5

a8e014703f2c72a5eb21794957577bbd
SHA1

ae4167a4097b90893140d86dc989d16cd928c2d9
SHA256

ed9b31af8f11fc7183f50df0dd71619bc24f0c08e16bfa58f5d81e9b7bc05ae3
SHA512

593ac40770cfdb50c73ef7e80b0e63bfbee6629cb1ceeb6d9343582aa22ef91bde500a2b37fe32186cb77f454f9a351a66a484f0625c493871e99fa58ae5b61c
SSDEEP

6144:2ueL8jjtlh4SegNBUEDkHj2CWPuotIjJZyRgka2w9iSyi:2/L8jjnEgNBUk+HW2oTgk1P

Score

7^/10

agilenet persistence

Malware Config

Targets

- Target
  
  a8e014703f2c72a5eb21794957577bbd_JaffaCakes118
- Size
  
  237KB
- MD5
  
  a8e014703f2c72a5eb21794957577bbd
- SHA1
  
  ae4167a4097b90893140d86dc989d16cd928c2d9
- SHA256
  
  ed9b31af8f11fc7183f50df0dd71619bc24f0c08e16bfa58f5d81e9b7bc05ae3
- SHA512
  
  593ac40770cfdb50c73ef7e80b0e63bfbee6629cb1ceeb6d9343582aa22ef91bde500a2b37fe32186cb77f454f9a351a66a484f0625c493871e99fa58ae5b61c
- SSDEEP
  
  6144:2ueL8jjtlh4SegNBUEDkHj2CWPuotIjJZyRgka2w9iSyi:2/L8jjnEgNBUk+HW2oTgk1P
Score

7^/10

agilenet persistence
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

agilenetpersistence

behavioral2

agilenetpersistence