f352c5a50bd9731e4178ee590fbfbc154f61da150534fdb33bd5f667505181d1 | Triage

Sharing

General

Target

MINECRAFTHACK.zip.zip
Size

1.4MB
Sample

210422-vg1pbrcqnx
MD5

b7203300ed8fcdbeb0fca38117769211
SHA1

307aad4daa0c36da94734425cfb085d9969f8c54
SHA256

f352c5a50bd9731e4178ee590fbfbc154f61da150534fdb33bd5f667505181d1
SHA512

913c58802e528873a7497a3bc455d93ed5db8b303b5f2f92d531c60cb2494c844623f28658745e5bd31deed7495bac4ab7fdb1fa4d7d8e10e65395767a537be9

Score

10^/10

agilenet spyware stealer

Malware Config

Targets

- Target
  
  API-MS-Win-core-xstate-l2-1-0.dll
- Size
  
  19KB
- MD5
  
  4f50c180c41117cdce24eb15a989945c
- SHA1
  
  338ca08fab142f2e221975ad36e24622ff636dbb
- SHA256
  
  c251c228c2e5c551a4df1d06f123f475aa4a1c94350e46e50399f28a1a15e1cb
- SHA512
  
  11a39943cd2e66acf3c241cd5a03c164bb5f5e484075d6c6420cccead99d0b37b23d833e5995555f15e3d9ce977e388f56bea7210287abcfbe84f654acd992a7
Score

1^/10
behavioral1 behavioral7
- Target
  
  Launcher.exe
- Size
  
  444KB
- MD5
  
  38cf4f1737d4cad4cf5e86876e44d57b
- SHA1
  
  8d1a83c2602cc7eac603b7a1e5bab090ab0a8f4e
- SHA256
  
  869f7061d2efc0c704b62d63f63df79108a52e0ae5fc412897aa57146d5b5775
- SHA512
  
  8c388fff4b099839b5df3c15bcc82ff99450660f0ae73f63933cfc6476aeb3572eaa53df57ff30fc7362d6eecdcca2c84258569f02910338e8e67578e9fc74be
Score

10^/10

agilenet spyware stealer
- Suspicious use of NtCreateProcessExOtherParentProcess
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral2 behavioral8
- Target
  
  api-ms-win-crt-private-l1-1-0.dll
- Size
  
  69KB
- MD5
  
  50740f0bc326f0637c4166698298d218
- SHA1
  
  0c33cfe40edd278a692c2e73e941184fd24286d9
- SHA256
  
  adbb658dd1cbecaca7cc1322b51976f30b36ccf0a751f3bad1f29d350b192c9c
- SHA512
  
  f1331ab1d52fb681f51546168e9736e2f6163e0706955e85ac9e4544d575d50e6eacd90ea3e49cb8b69da34fe0b621b04661f0b6f09f7ce8ceca50308c263d03
Score

3^/10
behavioral3 behavioral9
- Target
  
  chrome_elf.dll
- Size
  
  791KB
- MD5
  
  99e9cafb3759b44c300ffca3cb452a4c
- SHA1
  
  4d1c0ec777c5a91571b8bae9cd64145a6553b15c
- SHA256
  
  100e5ab74b87bd6c85e9f7df4b452da23a2cc7033cde149d7f79e6007d4ca6f5
- SHA512
  
  6c605752a7f3652350fa02bc86ebed15c73562478160b94d564eaac961ae6d75967244a9e41193516c9adfe2e853a6d186de2a9a0c2054653868c41ce1c45299
Score

1^/10
behavioral4 behavioral10
- Target
  
  mtl_libovr.dll
- Size
  
  186KB
- MD5
  
  78df2cb7674cda9cbb5f343561e441ba
- SHA1
  
  3aade10dbf3c51233aa701ad1e12cd17a9dcb722
- SHA256
  
  2bd310f6f35a756a782bf6be42af297d50fdbca8ce7cb6bc0e2352e70134c67b
- SHA512
  
  ab5cd2dd701774d78cdf8fdef0a6eecb42ef72ea2ba013802322b141a531c5d182ffb2689607828833b4af97f5b703e8087d8566258989efb9885ebfcbf9ca7c
Score

1^/10
behavioral5 behavioral11
- Target
  
  qwindows.dll
- Size
  
  1.1MB
- MD5
  
  98154c945bd4f03456d4d6b7a12edf9b
- SHA1
  
  a90add5561c1d3f87b407303b769da569b2d742b
- SHA256
  
  eeff4fb35549b038bc9f46feaecd1e00832a1ab010b3a33754c8512f39e3cad1
- SHA512
  
  92fa865355a9ef75c6b46d261a5498f1a4f1d91ee98dea6e6a88149fd1dbc14291620ac7dbb317be76f4a9bae7d23f998a49dda42d009205e67e16e0eb36118c
Score

1^/10
behavioral6 behavioral12

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

agilenetspywarestealer

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

agilenetspywarestealer

behavioral9

behavioral10

behavioral11

behavioral12