9e2cf6dd158549b2eda86cdce0d5571b2d56796f7869f78881a8ae4872d2fae5 | Triage

Submit
Reports

Overview

overview

Static

static

1

chrome goo...ft.exe

windows10-2004-x64

Sharing

General

Target

chrome google Soft.exe
Size

8.1MB
Sample

230408-v9md4sgc8z
MD5

602dd59073ca0509edb53e16bebf365a
SHA1

082ec8af3e339788b30e118f275e78651fc91755
SHA256

9e2cf6dd158549b2eda86cdce0d5571b2d56796f7869f78881a8ae4872d2fae5
SHA512

d867af4120a3fdfcd0e15fea729b361a438a5d3db98d1620c9294aab1bcce09c2090b21ba2ac266014b9fc7bc5e063eba7baefe7d7999b01a8056495d3f849b4
SSDEEP

196608:W9EHUdWdI9Qb80y23OTUneFhO10gRe1ZXW5+djqkppLmLR:oWdI5YOo+hO10H9W5+FJpY

Score

10^/10

agilenet discovery evasion persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

chrome google Soft.exe

Resource

win10v2004-20230220-en

agilenet discovery evasion persistence trojan

windows10-2004-x64

23 signatures

1800 seconds

Malware Config

Targets

- Target
  
  chrome google Soft.exe
- Size
  
  8.1MB
- MD5
  
  602dd59073ca0509edb53e16bebf365a
- SHA1
  
  082ec8af3e339788b30e118f275e78651fc91755
- SHA256
  
  9e2cf6dd158549b2eda86cdce0d5571b2d56796f7869f78881a8ae4872d2fae5
- SHA512
  
  d867af4120a3fdfcd0e15fea729b361a438a5d3db98d1620c9294aab1bcce09c2090b21ba2ac266014b9fc7bc5e063eba7baefe7d7999b01a8056495d3f849b4
- SSDEEP
  
  196608:W9EHUdWdI9Qb80y23OTUneFhO10gRe1ZXW5+djqkppLmLR:oWdI5YOo+hO10H9W5+FJpY
Score

10^/10

agilenet discovery evasion persistence trojan
- UAC bypass
  evasion trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Registers COM server for autorun
  persistence
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

agilenetdiscoveryevasionpersistencetrojan

© 2018-2024

Terms | Privacy