788e583861d0022304a8013dcf66be0e312402d6154f5a7788f1d67518583c7e | Triage

Submit
Reports

Overview

overview

8

Static

static

1

DOOR-MET_23045112.exe

windows10-2004-x64

8

Resubmissions

03-04-2023 18:17

230403-ww794aab7s 8

03-04-2023 18:16

230403-wwe9baab6x 10

03-04-2023 14:33

230403-rwvlsafc83 10

Sharing

General

Target

DOOR-MET_23045112.exe
Size

658KB
Sample

230403-ww794aab7s
MD5

f4a6d37fefe83f89c2f6b1f253bb9c2c
SHA1

58ac04dfcc1f0bbf7c41181102f9371a67cda336
SHA256

788e583861d0022304a8013dcf66be0e312402d6154f5a7788f1d67518583c7e
SHA512

37f6a03d1356aa442ddc61c230549282fa5f5ce8d3aac4792e26cbbb51f75090b0ab8a0e9139304ee6b89530662cf2ee24033573b80f8b81a27fbcf6ee220e0f
SSDEEP

12288:q6okzy/q4JM4Q2lQfzwcIDNEkxtdBo0hoay47DKWMH29yoNSDA:Sku/6gQMc6uqhrqW/N

Score

8^/10

agilenet persistence

Static task

static1

Behavioral task

behavioral1

Sample

DOOR-MET_23045112.exe

Resource

win10v2004-20230220-en

agilenet persistence

windows10-2004-x64

24 signatures

1800 seconds

Malware Config

Targets

- Target
  
  DOOR-MET_23045112.exe
- Size
  
  658KB
- MD5
  
  f4a6d37fefe83f89c2f6b1f253bb9c2c
- SHA1
  
  58ac04dfcc1f0bbf7c41181102f9371a67cda336
- SHA256
  
  788e583861d0022304a8013dcf66be0e312402d6154f5a7788f1d67518583c7e
- SHA512
  
  37f6a03d1356aa442ddc61c230549282fa5f5ce8d3aac4792e26cbbb51f75090b0ab8a0e9139304ee6b89530662cf2ee24033573b80f8b81a27fbcf6ee220e0f
- SSDEEP
  
  12288:q6okzy/q4JM4Q2lQfzwcIDNEkxtdBo0hoay47DKWMH29yoNSDA:Sku/6gQMc6uqhrqW/N
Score

8^/10

agilenet persistence
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Change Default File Association

Privilege Escalation

Defense Evasion

Modify Registry

Web Service

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

agilenetpersistence

© 2018-2024

Terms | Privacy