General

  • Target

    z72Nowezam_wienie.exe

  • Size

    17KB

  • Sample

    240909-nt1s8swbqp

  • MD5

    e1a906c8e061756213b4745e769a86db

  • SHA1

    a5a3af63dc82bbfc302f9b3471e6115e2d456056

  • SHA256

    8239559d5c986284031b5918e229e63e61ea790e35cd1e972241bd3ff36b5087

  • SHA512

    8e2e64c4376ad2059ebb31d9d2d7612b19de4520de69094d96375d1ba020319230d6687811bf359511498a9204af5df47649b9e820c9deb50e0862d805cc2545

  • SSDEEP

    384:visr/4fP4+g0az4F/4PI2zAybVofffFGdD:aWeWzAAvdD

Targets

    • Target

      z72Nowezam_wienie.exe

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
