4165a8ea1f11af46b2ac475c41bce70b498007c31e366707c81c8890afdd77e4 | Triage

Submit
Reports

Overview

overview

Static

static

1

wallpaper (1).jpg

windows10-2004-x64

Sharing

General

Target

wallpaper (1).jpg
Size

28KB
Sample

240508-xw823adc84
MD5

bdd8868b21390b0f69a5a0dc956a492e
SHA1

c1aab129d3c0f73a143fbbce40de80b12cc4a003
SHA256

4165a8ea1f11af46b2ac475c41bce70b498007c31e366707c81c8890afdd77e4
SHA512

865347cc8637c1282aa737c1012ee05ddd2e50b255b75191f0179f7b28ee04e2fe00320b51f8cb5a9e3de640528531726a296f0b30b16b828451e7d42864362e
SSDEEP

384:glIaWtdyGKa+GorT05y/KVNC1+YwcPPmAJyyZsw4575Dwf9fsdYHl5Bp1GlT7EHj:kInd52yCPPPm97mFkmLp1m7ED

Score

10^/10

agilenet evasion trojan

Static task

static1

Behavioral task

behavioral1

Sample

wallpaper (1).jpg

Resource

win10v2004-20240508-en

agilenet evasion trojan

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  wallpaper (1).jpg
- Size
  
  28KB
- MD5
  
  bdd8868b21390b0f69a5a0dc956a492e
- SHA1
  
  c1aab129d3c0f73a143fbbce40de80b12cc4a003
- SHA256
  
  4165a8ea1f11af46b2ac475c41bce70b498007c31e366707c81c8890afdd77e4
- SHA512
  
  865347cc8637c1282aa737c1012ee05ddd2e50b255b75191f0179f7b28ee04e2fe00320b51f8cb5a9e3de640528531726a296f0b30b16b828451e7d42864362e
- SSDEEP
  
  384:glIaWtdyGKa+GorT05y/KVNC1+YwcPPmAJyyZsw4575Dwf9fsdYHl5Bp1GlT7EHj:kInd52yCPPPm97mFkmLp1m7ED
Score

10^/10

agilenet evasion trojan
- UAC bypass
  evasion trojan
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

agilenetevasiontrojan

© 2018-2024

Terms | Privacy