Resubmissions

25/01/2025, 07:09

250125-hza7wa1qbv 8

25/01/2025, 07:09

250125-hy5ebstjfq 1

25/01/2025, 07:09

250125-hysers1qav 1

25/01/2025, 07:05

250125-hwpabssrfk 10

General

  • Target

    Virus-Collection

  • Size

    248KB

  • Sample

    250125-hwpabssrfk

  • MD5

    575e3a2c7acb8eabfb978d65d2af70f2

  • SHA1

    abf5c25811edf1d57ab2518bf3c1b552107a426e

  • SHA256

    ec85d68b225b578f50e6916d89c6c09c269c9cc61a75ab92d777895027a9ffc6

  • SHA512

    89380487c7fa90aa81c8f9f55ab53216a6d3fd16beb9dd04e2819f1db71b1c4d78578c9c510988c80204e599e7777c3f6da79c464131d4a95a4117543b854b8b

  • SSDEEP

    6144:frN5mpOL/saqkPV9FH2LtcIDSsmwIx99vZJT3CqbMrhryf65NRPaCieMjAkvCJvI:jN5mpOL/saqkPV9FH2LtcIDSsmwIx99L

Targets

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Legitimate hosting services abused for malware hosting/C2
