6d8dd5a564523b6f8597dd9009a74395bb48e5e1a85947157ced38034b20b6d4 | Triage

Submit
Reports

Overview

overview

Static

static

7

HEUR-Troja...d4.exe

windows7-x64

HEUR-Troja...d4.exe

windows10-2004-x64

Sharing

General

Target

HEUR-Trojan.MSIL.Agent.gen-6d8dd5a564523b6f8597dd9009a74395bb48e5e1a85947157ced38034b20b6d4.exe
Size

555KB
Sample

220924-lm7l4aahh3
MD5

0c6298d91e5f0a3317dc6db20dad3609
SHA1

b91c567f479223b7a65fbe44e3429be08fde275a
SHA256

6d8dd5a564523b6f8597dd9009a74395bb48e5e1a85947157ced38034b20b6d4
SHA512

3288babc7f67113fad60d7ad69fd69be3d5f8186c66bde280415046894c6a2bfbcad2659a4facbdf02b74917ca63b55bd5087c25f8f017f5f6e8fd71b2396c8d
SSDEEP

12288:gfp3lxis8EdrQso5hnyRIAPQJno5hnyRIAQq:gfp36sN5snUPjnUQq

Score

10^/10

agilenet evasion ransomware trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

HEUR-Trojan.MSIL.Agent.gen-6d8dd5a564523b6f8597dd9009a74395bb48e5e1a85947157ced38034b20b6d4.exe

Resource

win7-20220812-en

agilenet evasion ransomware trojan

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

HEUR-Trojan.MSIL.Agent.gen-6d8dd5a564523b6f8597dd9009a74395bb48e5e1a85947157ced38034b20b6d4.exe

Resource

win10v2004-20220812-en

agilenet evasion ransomware trojan

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  HEUR-Trojan.MSIL.Agent.gen-6d8dd5a564523b6f8597dd9009a74395bb48e5e1a85947157ced38034b20b6d4.exe
- Size
  
  555KB
- MD5
  
  0c6298d91e5f0a3317dc6db20dad3609
- SHA1
  
  b91c567f479223b7a65fbe44e3429be08fde275a
- SHA256
  
  6d8dd5a564523b6f8597dd9009a74395bb48e5e1a85947157ced38034b20b6d4
- SHA512
  
  3288babc7f67113fad60d7ad69fd69be3d5f8186c66bde280415046894c6a2bfbcad2659a4facbdf02b74917ca63b55bd5087c25f8f017f5f6e8fd71b2396c8d
- SSDEEP
  
  12288:gfp3lxis8EdrQso5hnyRIAPQJno5hnyRIAQq:gfp36sN5snUPjnUQq
Score

10^/10

agilenet evasion ransomware trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Clears Windows event logs
  evasion ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Deletes backup catalog
  Uses wbadmin.exe to inhibit system recovery.
  ransomware
- Executes dropped EXE
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Windows security modification
  evasion trojan
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Disabling Security Tools

Indicator Removal on Host

File Deletion

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

agilenetevasionransomwaretrojan

behavioral2

agilenetevasionransomwaretrojan

© 2018-2024

Terms | Privacy