Overview

overview

10

Static

static

7

Rage Injec....0.exe

windows7_x64

7

Rage Injec....0.exe

windows10_x64

10

Analysis

  • max time kernel
    61s
  • max time network
    118s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    08-04-2021 12:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Rage Injector v2.0.exe

  • Size

    444KB

  • MD5

    3cd5c25179eb316711630698a713b187

  • SHA1

    d77ec46b4bd6d47e4b167ce1aaabec72981730a6

  • SHA256

    f4f845267f7126cfdfc8ca2aa6ebe1dd3833a74e393b1d0acf76cb33acb3e740

  • SHA512

    ef7f6dbcaba58289b61fb9bc29d1707caa9d66e8f662a79a29af38cc2fb8e25054e5e7157263c70e93c852d2cf5780e2df3bdacc3d567d4cedf26cd2d5502652

Score
10/10
agilenetspywarestealer

Malware Config

Signatures

  • Suspicious use of NtCreateProcessExOtherParentProcess 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Obfuscated with Agile.Net obfuscator 1 IoCs

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    agilenet
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 19 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Rage Injector v2.0.exe
    "C:\Users\Admin\AppData\Local\Temp\Rage Injector v2.0.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1908
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 1908 -s 1452
      2⤵
      • Suspicious use of NtCreateProcessExOtherParentProcess
      • Program crash
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1948

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\9cd3d4cf-a897-4be6-af78-67aff3a297b5\AgileDotNetRT64.dll
    MD5

    e8641f344213ca05d8b5264b5f4e2dee

    SHA1

    96729e31f9b805800b2248fd22a4b53e226c8309

    SHA256

    85e82b9e9200e798e8f434459eacee03ed9818cc6c9a513fe083e72d48884e24

    SHA512

    3130f32c100ecb97083ad8ac4c67863e9ceed3a9b06fc464d1aeeaec389f74c8bf56f4ce04f6450fd2cc0fa861d085101c433cfa4bec3095f8ebeeb53b739109

    Download Submit
  • \Users\Admin\AppData\Local\Temp\d5d70971-f4f3-4ecf-92b7-a31aca428458\AgileDotNetRT64.dll
    MD5

    e8641f344213ca05d8b5264b5f4e2dee

    SHA1

    96729e31f9b805800b2248fd22a4b53e226c8309

    SHA256

    85e82b9e9200e798e8f434459eacee03ed9818cc6c9a513fe083e72d48884e24

    SHA512

    3130f32c100ecb97083ad8ac4c67863e9ceed3a9b06fc464d1aeeaec389f74c8bf56f4ce04f6450fd2cc0fa861d085101c433cfa4bec3095f8ebeeb53b739109

    Download Submit
  • memory/1908-114-0x00000000006E0000-0x00000000006E1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1908-117-0x00007FFCB1940000-0x00007FFCB1A6C000-memory.dmp
    Filesize

    1.2MB

    Download
  • memory/1908-119-0x000000001B3B0000-0x000000001B417000-memory.dmp
    Filesize

    412KB

    Download
  • memory/1908-118-0x000000001B0F0000-0x000000001B136000-memory.dmp
    Filesize

    280KB

    Download
  • memory/1908-120-0x000000001B190000-0x000000001B192000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1908-122-0x000000001B192000-0x000000001B194000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1908-123-0x000000001B194000-0x000000001B195000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1908-124-0x000000001B197000-0x000000001B199000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1908-125-0x000000001B195000-0x000000001B197000-memory.dmp
    Filesize

    8KB

    Download