fd563cf7c0c862ab910cf558b5a123354b616e84902d277edf09f378ff6f9786 | Triage

Submit
Reports

Overview

overview

Static

static

3

b28242123e...29.dll

windows10-2004-x64

Resubmissions

19-12-2024 08:32

241219-kfqvbsxmgl 10

19-12-2024 08:29

241219-kd1azswrh1 10

19-12-2024 08:22

241219-j9qkzsxkhl 10

19-12-2024 08:18

241219-j7clcaxkbl 6

19-12-2024 08:10

241219-j2wf9swmgz 7

19-12-2024 07:51

241219-jqbbyswnbq 8

19-12-2024 07:46

241219-jlylpavray 3

Sharing

General

Target

b28242123ed2cf6000f0aa036844bd29
Size

87KB
Sample

241219-kfqvbsxmgl
MD5

b28242123ed2cf6000f0aa036844bd29
SHA1

915f41a6c59ed743803ea0ddde08927ffd623586
SHA256

fd563cf7c0c862ab910cf558b5a123354b616e84902d277edf09f378ff6f9786
SHA512

08e5966ca90f08c18c582e6c67d71186a6f9c025fc9f78020e1ce202814de094171111b7f3623d81f7371acdf92206446f7c0425e08e8f5f5b6fd969007d9fca
SSDEEP

1536:0A1KsVHBnVJ0T1rFTQHUPx+nVP7ZSRILMZoXyqqEbzPCAdt6rFTc:0A1rVIrFTOUsnVP7sRILgAPCvrFTc

Score

10^/10

agilenet bootkit discovery evasion persistence phishing trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

b28242123ed2cf6000f0aa036844bd29.dll

Resource

win10v2004-20241007-en

agilenet bootkit discovery evasion persistence phishing trojan

windows10-2004-x64

30 signatures

150 seconds

Malware Config

Targets

- Target
  
  b28242123ed2cf6000f0aa036844bd29
- Size
  
  87KB
- MD5
  
  b28242123ed2cf6000f0aa036844bd29
- SHA1
  
  915f41a6c59ed743803ea0ddde08927ffd623586
- SHA256
  
  fd563cf7c0c862ab910cf558b5a123354b616e84902d277edf09f378ff6f9786
- SHA512
  
  08e5966ca90f08c18c582e6c67d71186a6f9c025fc9f78020e1ce202814de094171111b7f3623d81f7371acdf92206446f7c0425e08e8f5f5b6fd969007d9fca
- SSDEEP
  
  1536:0A1KsVHBnVJ0T1rFTQHUPx+nVP7ZSRILMZoXyqqEbzPCAdt6rFTc:0A1rVIrFTOUsnVP7sRILgAPCvrFTc
Score

10^/10

agilenet bootkit discovery evasion persistence phishing trojan
- UAC bypass
  evasion trojan
- Downloads MZ/PE file
- A potential corporate email address has been identified in the URL: [email protected]
  phishing
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Legitimate hosting services abused for malware hosting/C2
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Pre-OS Boot

Bootkit

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

agilenetbootkitdiscoveryevasionpersistencephishingtrojan

© 2018-2024

Terms | Privacy