d0be29109f3ccf8129a7d7a1ad7d30ba085e2ca57945afc2aa56c706123aeaee | Triage

Submit
Reports

Overview

overview

8

Static

static

7

de4dot.7z

windows10-2004-x64

8

Sharing

General

Target

de4dot.7z
Size

1.5MB
Sample

240608-xqr7cseg8x
MD5

b9fcb0ca9df2e16c4d58ea2ec90f624a
SHA1

1f71e1b3928a8dda0a9b40fa003a38bccd80b33f
SHA256

d0be29109f3ccf8129a7d7a1ad7d30ba085e2ca57945afc2aa56c706123aeaee
SHA512

013425a8625bc4b90a9bf8d44e87d887db0f4f1d7255911955cd2561cfcf3b4473ce1cc81bf66b33348b91b7b82416bce77857b074c90df12b1f01dd6cd2f305
SSDEEP

24576:ODiN38BqKBVH55ZmdT4oGziImlVAHGK3T7KcQt4vCtpkIKGjoec4rot7KZm2QZYB:OK38BqyZ6/tlNsTW4vCtpxljQCot70QG

Score

8^/10

agilenet execution

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

de4dot.7z

Resource

win10v2004-20240426-en

agilenet execution

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  de4dot.7z
- Size
  
  1.5MB
- MD5
  
  b9fcb0ca9df2e16c4d58ea2ec90f624a
- SHA1
  
  1f71e1b3928a8dda0a9b40fa003a38bccd80b33f
- SHA256
  
  d0be29109f3ccf8129a7d7a1ad7d30ba085e2ca57945afc2aa56c706123aeaee
- SHA512
  
  013425a8625bc4b90a9bf8d44e87d887db0f4f1d7255911955cd2561cfcf3b4473ce1cc81bf66b33348b91b7b82416bce77857b074c90df12b1f01dd6cd2f305
- SSDEEP
  
  24576:ODiN38BqKBVH55ZmdT4oGziImlVAHGK3T7KcQt4vCtpkIKGjoec4rot7KZm2QZYB:OK38BqyZ6/tlNsTW4vCtpxljQCot70QG
Score

8^/10

agilenet execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

agilenetexecution

© 2018-2024

Terms | Privacy