64334d48caa57fadc26cfbc49270464d3f5e1d94c154c1d8e93233eac255d5a9 | Triage

Submit
Reports

Overview

overview

Static

static

7

64334d48ca...a9.exe

windows7-x64

64334d48ca...a9.exe

windows10-2004-x64

Sharing

General

Target

64334d48caa57fadc26cfbc49270464d3f5e1d94c154c1d8e93233eac255d5a9
Size

135KB
Sample

221128-wdej3add72
MD5

1e207e4e463139dd8b330970de52d635
SHA1

143b257325a178f1962b2166bb31227abcb9cc30
SHA256

64334d48caa57fadc26cfbc49270464d3f5e1d94c154c1d8e93233eac255d5a9
SHA512

b1026c111fcc4663c3c8cc36a53237728b8a08b45dcaebe5b0f5c2c0cba3086c8f980833b4a4adda78732a1d7e6aa07c6721610c8b229ff4294d422c3d85aaa2
SSDEEP

3072:tbJV6Vf61gH2L9PuW+d1ZM23XxfkIrlB3PYysK8JEpsTTX:B68eHipuD3XVkwlB3sKfpYT

Score

10^/10

agilenet evasion persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

64334d48caa57fadc26cfbc49270464d3f5e1d94c154c1d8e93233eac255d5a9.exe

Resource

win7-20220812-en

agilenet evasion persistence

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

64334d48caa57fadc26cfbc49270464d3f5e1d94c154c1d8e93233eac255d5a9.exe

Resource

win10v2004-20220812-en

agilenet evasion persistence

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  64334d48caa57fadc26cfbc49270464d3f5e1d94c154c1d8e93233eac255d5a9
- Size
  
  135KB
- MD5
  
  1e207e4e463139dd8b330970de52d635
- SHA1
  
  143b257325a178f1962b2166bb31227abcb9cc30
- SHA256
  
  64334d48caa57fadc26cfbc49270464d3f5e1d94c154c1d8e93233eac255d5a9
- SHA512
  
  b1026c111fcc4663c3c8cc36a53237728b8a08b45dcaebe5b0f5c2c0cba3086c8f980833b4a4adda78732a1d7e6aa07c6721610c8b229ff4294d422c3d85aaa2
- SSDEEP
  
  3072:tbJV6Vf61gH2L9PuW+d1ZM23XxfkIrlB3PYysK8JEpsTTX:B68eHipuD3XVkwlB3sKfpYT
Score

10^/10

agilenet evasion persistence
- Modifies WinLogon for persistence
  persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Sets file execution options in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agilenetevasionpersistence

behavioral2

agilenetevasionpersistence

© 2018-2024

Terms | Privacy