Overview

overview

7

Static

static

3

AimBolt.exe

windows7-x64

AimBolt.exe

windows10-2004-x64

7

Resubmissions

26-06-2024 16:28

240626-ty494svgrk 7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    AimBolt.exe

  • Size

    761KB

  • Sample

    240626-ty494svgrk

  • MD5

    f4207c97ef68f04fdfb837133fe06fe4

  • SHA1

    910f4cdf8987936ce76b4314b53e634fb517a182

  • SHA256

    2bd9aaefd640dd2ff0afcc994ebf0b66f7b5ebb05fd38d78ef04815e901b4994

  • SHA512

    e0fe67bf6434397ceb89ea10746165526c852ec6ea5d6c92e74d1c34e0ca94a9e1d6ba30dcf36a29ed6b4ff835fac5e1b314469e4078a12e4e319e4661a491e4

  • SSDEEP

    12288:a3aVvTuaH8x4D9NDj9JIEMrBaolQIYgsPyQGl50qrx80nFJlLA13AKVe1gWwjU:aKVvTNHTLj99qT4gsF8msJlc1QKVdjU

Score
7/10
agilenet

Malware Config

Targets

    • Target

      AimBolt.exe

    • Size

      761KB

    • MD5

      f4207c97ef68f04fdfb837133fe06fe4

    • SHA1

      910f4cdf8987936ce76b4314b53e634fb517a182

    • SHA256

      2bd9aaefd640dd2ff0afcc994ebf0b66f7b5ebb05fd38d78ef04815e901b4994

    • SHA512

      e0fe67bf6434397ceb89ea10746165526c852ec6ea5d6c92e74d1c34e0ca94a9e1d6ba30dcf36a29ed6b4ff835fac5e1b314469e4078a12e4e319e4661a491e4

    • SSDEEP

      12288:a3aVvTuaH8x4D9NDj9JIEMrBaolQIYgsPyQGl50qrx80nFJlLA13AKVe1gWwjU:aKVvTNHTLj99qT4gsF8msJlc1QKVdjU

    Score
    7/10
    agilenet

    • Deletes itself

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

      agilenet

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Remote System Discovery

1
T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks