eacd5ed86a8ddd368a1089c7b97b791258e3eeb89c76c6da829b58d469f654b2 | Triage

Sharing

General

Target

MrsMajor 3.0.7z
Size

234KB
Sample

240219-vb3nfage8w
MD5

fedb45ddbd72fc70a81c789763038d81
SHA1

f1ed20c626d0a7ca2808ed768e7d7b319bc4c84a
SHA256

eacd5ed86a8ddd368a1089c7b97b791258e3eeb89c76c6da829b58d469f654b2
SHA512

813c0367f3aeceea9be02ffad4bfa8092ea44b428e68db8f3f33e45e4e5e53599d985fa79a708679b6957cbd04d9b9d67b288137fa71ac5a59e917b8792c8298
SSDEEP

6144:HMMAgnxjSgdHCueEVIzAMAcqXvYEC86TFSQ:HagxjSg1xrIzAMAcuI5TFT

Score

10^/10

agilenet evasion trojan

Malware Config

Targets

- Target
  
  MrsMajor 3.0.7z
- Size
  
  234KB
- MD5
  
  fedb45ddbd72fc70a81c789763038d81
- SHA1
  
  f1ed20c626d0a7ca2808ed768e7d7b319bc4c84a
- SHA256
  
  eacd5ed86a8ddd368a1089c7b97b791258e3eeb89c76c6da829b58d469f654b2
- SHA512
  
  813c0367f3aeceea9be02ffad4bfa8092ea44b428e68db8f3f33e45e4e5e53599d985fa79a708679b6957cbd04d9b9d67b288137fa71ac5a59e917b8792c8298
- SSDEEP
  
  6144:HMMAgnxjSgdHCueEVIzAMAcqXvYEC86TFSQ:HagxjSg1xrIzAMAcuI5TFT
Score

10^/10

agilenet evasion trojan
- UAC bypass
  evasion trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

agilenetevasiontrojan