1fe6260c3d2de26599b72c225bf430352e4a2f83371c37eb19dbb9d4e091df3e | Triage

Submit
Reports

Overview

overview

Static

static

7

1fe6260c3d...3e.exe

windows7-x64

1fe6260c3d...3e.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

1fe6260c3d2de26599b72c225bf430352e4a2f83371c37eb19dbb9d4e091df3e
Size

1.3MB
Sample

221127-tcl7eahh93
MD5

8a6a9dd67063c9098447da6fa53a1f13
SHA1

36238cb4ea92b462707328ad5dc72a495007534b
SHA256

1fe6260c3d2de26599b72c225bf430352e4a2f83371c37eb19dbb9d4e091df3e
SHA512

6d1b078bf9e61ac73b79c03a1cfce776f9a6b2a9e1a7be81230846da4e879d0c9cbcc562e98985a12da4ee3825e10094b457d02de3d469aa9bd2ed0e82b0c143
SSDEEP

24576:K7Ls6itoOW2mLc3cvu7jWk7cj8L5SiS+AmxAvkGuAsQCi+2GmR2ka:KXGFLmLc34cJL5NfAxTnsQCKBUka

Score

10^/10

agilenet evasion trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1fe6260c3d2de26599b72c225bf430352e4a2f83371c37eb19dbb9d4e091df3e.exe

Resource

win7-20221111-en

agilenet evasion trojan

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

1fe6260c3d2de26599b72c225bf430352e4a2f83371c37eb19dbb9d4e091df3e.exe

Resource

win10v2004-20220812-en

agilenet evasion trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  1fe6260c3d2de26599b72c225bf430352e4a2f83371c37eb19dbb9d4e091df3e
- Size
  
  1.3MB
- MD5
  
  8a6a9dd67063c9098447da6fa53a1f13
- SHA1
  
  36238cb4ea92b462707328ad5dc72a495007534b
- SHA256
  
  1fe6260c3d2de26599b72c225bf430352e4a2f83371c37eb19dbb9d4e091df3e
- SHA512
  
  6d1b078bf9e61ac73b79c03a1cfce776f9a6b2a9e1a7be81230846da4e879d0c9cbcc562e98985a12da4ee3825e10094b457d02de3d469aa9bd2ed0e82b0c143
- SSDEEP
  
  24576:K7Ls6itoOW2mLc3cvu7jWk7cj8L5SiS+AmxAvkGuAsQCi+2GmR2ka:KXGFLmLc34cJL5NfAxTnsQCKBUka
Score

10^/10

agilenet evasion trojan
- UAC bypass
  evasion trojan
- Executes dropped EXE
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Uses the VBS compiler for execution
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Scripting

Persistence

Hidden Files and Directories

Scheduled Task

Privilege Escalation

Bypass User Account Control

Scheduled Task

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Hidden Files and Directories

Modify Registry

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agilenetevasiontrojan

behavioral2

agilenetevasiontrojan

© 2018-2025

Terms | Privacy