General

  • Target

    DeadStealer.exe

  • Size

    4.3MB

  • Sample

    240919-d76ljaygnb

  • MD5

    4c5553b79b2cccde8f27690f8b27f23b

  • SHA1

    324465bf10c4366211a95079877445d26be96972

  • SHA256

    20b311d2fd9d2d962260172c01b92531c77d5dd6f7fccafd7a721bf79fa662f8

  • SHA512

    7e36d1d41791cf9a7e45db0bdd86fcd55abeb77c0074a6b7bc73fec4a2025d583aba23e2736c3afb6e8f6ce3a1cc795fe1f5ea22ee6e53cedc42b0f28bd74e67

  • SSDEEP

    98304:lkjozJ9/im8XVBKl6tmJVP2sRx/E0T7zN3HtHOIT4bNJFY3Oqt2SGuA+i1i:ZzJpjS346tmJ1ds+7ptHOjBHYm9uAm

Score
8/10

Targets

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Downloads MZ/PE file

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Legitimate hosting services abused for malware hosting/C2
