outsteel | ec8868287e3f0f851ff7a2b0e7352055b591a2b2cb1c2a76c53885dee66562dc | Triage

Submit
Reports

Overview

overview

Static

static

1

ec8868287e...dc.exe

windows7-x64

ec8868287e...dc.exe

windows10-2004-x64

Sharing

General

Target

ec8868287e3f0f851ff7a2b0e7352055b591a2b2cb1c2a76c53885dee66562dc
Size

2.2MB
Sample

240410-r5vcdabf88
MD5

b69de5d4550ed214bcc8ad2f839735d8
SHA1

f7806011d03923ffe4f4eb92891289efdeb003e8
SHA256

ec8868287e3f0f851ff7a2b0e7352055b591a2b2cb1c2a76c53885dee66562dc
SHA512

7e8e139d3f82d091c10a8064a855a7fbb237db05c4f5142f5551024ad7e6408ad1ff8578ab8410899cf515be9da6ef0d73b03345bca14777d8656403dc14b80a
SSDEEP

49152:Ay9iPrDpnwGFdQD9OAjkx6KS/RNvfi4A2400000000000000000000000000000l:nujFMOAjkgKib200000000000000000F

Score

10^/10

outsteel agilenet spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

ec8868287e3f0f851ff7a2b0e7352055b591a2b2cb1c2a76c53885dee66562dc.exe

Resource

win7-20240221-en

outsteel agilenet spyware stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

ec8868287e3f0f851ff7a2b0e7352055b591a2b2cb1c2a76c53885dee66562dc.exe

Resource

win10v2004-20240226-en

outsteel agilenet spyware stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  ec8868287e3f0f851ff7a2b0e7352055b591a2b2cb1c2a76c53885dee66562dc
- Size
  
  2.2MB
- MD5
  
  b69de5d4550ed214bcc8ad2f839735d8
- SHA1
  
  f7806011d03923ffe4f4eb92891289efdeb003e8
- SHA256
  
  ec8868287e3f0f851ff7a2b0e7352055b591a2b2cb1c2a76c53885dee66562dc
- SHA512
  
  7e8e139d3f82d091c10a8064a855a7fbb237db05c4f5142f5551024ad7e6408ad1ff8578ab8410899cf515be9da6ef0d73b03345bca14777d8656403dc14b80a
- SSDEEP
  
  49152:Ay9iPrDpnwGFdQD9OAjkx6KS/RNvfi4A2400000000000000000000000000000l:nujFMOAjkgKib200000000000000000F
Score

10^/10

outsteel agilenet spyware stealer
- OutSteel
  OutSteel is a file uploader and document stealer written in AutoIT.
  stealer outsteel
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

outsteelagilenetspywarestealer

behavioral2

outsteelagilenetspywarestealer

© 2018-2024

Terms | Privacy