9314cc8e14abbb1d999dad197928994870796ecb38f9231dbfa520f7e886281c | Triage

Submit
Reports

Overview

overview

9

Static

static

9314cc8e14...1c.exe

windows7_x64

9

9314cc8e14...1c.exe

windows10_x64

9

Sharing

General

Target

9314cc8e14abbb1d999dad197928994870796ecb38f9231dbfa520f7e886281c
Size

553KB
Sample

220122-bylhwshcdp
MD5

47241b232e909b7a263d4229cf229b17
SHA1

96e56e95aa15619f513672c669946bb86185b8d6
SHA256

9314cc8e14abbb1d999dad197928994870796ecb38f9231dbfa520f7e886281c
SHA512

65d17e5033051aa215cea99402e9410e40b264b12265e4887121cfc2bcd86376aaf110d99e5e89367c07df0d76c39301ab8ad8e5e47978120bc3e3188e9f7fe1

Score

9^/10

agilenet collection spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

9314cc8e14abbb1d999dad197928994870796ecb38f9231dbfa520f7e886281c.exe

Resource

win7-en-20211208

agilenet collection spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

9314cc8e14abbb1d999dad197928994870796ecb38f9231dbfa520f7e886281c.exe

Resource

win10-en-20211208

agilenet collection spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  9314cc8e14abbb1d999dad197928994870796ecb38f9231dbfa520f7e886281c
- Size
  
  553KB
- MD5
  
  47241b232e909b7a263d4229cf229b17
- SHA1
  
  96e56e95aa15619f513672c669946bb86185b8d6
- SHA256
  
  9314cc8e14abbb1d999dad197928994870796ecb38f9231dbfa520f7e886281c
- SHA512
  
  65d17e5033051aa215cea99402e9410e40b264b12265e4887121cfc2bcd86376aaf110d99e5e89367c07df0d76c39301ab8ad8e5e47978120bc3e3188e9f7fe1
Score

9^/10

agilenet collection spyware stealer
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook accounts
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agilenetcollectionspywarestealer

behavioral2

agilenetcollectionspywarestealer

© 2018-2024

Terms | Privacy