Overview

overview

10

Static

static

URLScan

urlscan

1

https://google.com

windows7_x64

10

Resubmissions

21-08-2022 14:53

220821-r9e39aahej 8

20-08-2022 19:34

220820-yajeysada3 8

18-08-2022 19:56

220818-ynvp5seac3 8

14-08-2022 21:38

220814-1hgbnsddf5 8

18-07-2022 04:40

220718-fajfvaafdl 1

18-07-2022 04:26

220718-e2lvlsaegj 8

16-07-2022 04:29

220716-e4rtmsgeg3 8

16-07-2022 03:58

220716-ejzczsgde2 8

11-07-2022 19:19

220711-x1h2facabn 10

10-07-2022 23:55

220710-3yffesdfan 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    https://google.com

  • Sample

    220710-3yffesdfan

Score
10/10
agilenetdiscoveryevasionexploitpersistencetrojan

Malware Config

Targets

    • Target

      https://google.com

    Score
    10/10
    agilenetdiscoveryevasionexploitpersistencetrojan

    • Modifies WinLogon for persistence

      persistence

    • Modifies system executable filetype association

      persistence

    • UAC bypass

      evasiontrojan

    • Disables RegEdit via registry modification

      evasion

    • Disables Task Manager via registry modification

      evasion

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Possible privilege escalation attempt

      exploit

    • Loads dropped DLL

    • Modifies file permissions

      discovery

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

      agilenet

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

1
T1004

Change Default File Association

1
T1042

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Bypass User Account Control

1
T1088

Defense Evasion

Modify Registry

6
T1112

Bypass User Account Control

1
T1088

Disabling Security Tools

1
T1089

File Permissions Modification

1
T1222

Credential Access

Discovery

System Information Discovery

2
T1082

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks