General

  • Target

    e1ae012eaddb751b5eff632f7c0e303fc8c96f087edf1665751ee0b910512586.exe

  • Size

    16KB

  • Sample

    240821-nfveasvhlf

  • MD5

    4af299ee3da2ad928483d38862707ad5

  • SHA1

    94e1864edae16128e5c5b6c91ead59eb244cf4c1

  • SHA256

    e1ae012eaddb751b5eff632f7c0e303fc8c96f087edf1665751ee0b910512586

  • SHA512

    3a014ce4d6b9ac6eba8fa09720181a3cbe6786ab5871faee07d40449eb903d279a2d70fd6a566761c216b33129dc236891e8cb16f41bca46b610bd7431ece091

  • SSDEEP

    384:bGTyWf5RMmNlSLyLTynfA4teZ6TKL3LBGnKfbjSiWCC:bAyWCuGcbZnC

Targets

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
