538d1dcf99d55168d325f67d6032c5167aad3b7493aec9a44beb55076b86042c | Triage

Submit
Reports

Overview

overview

7

Static

static

3

06d8a1accf...f0.exe

windows7-x64

7

06d8a1accf...f0.exe

windows10-2004-x64

7

Sharing

General

Target

06d8a1accf0a9b34aaee3e1ec50552f0.exe
Size

97KB
Sample

240513-j1jfbagg53
MD5

06d8a1accf0a9b34aaee3e1ec50552f0
SHA1

f04d0ecade66d957198bfecc301e5e91e6896189
SHA256

538d1dcf99d55168d325f67d6032c5167aad3b7493aec9a44beb55076b86042c
SHA512

1b2a46e248eef8f5083b7ac35e708a587b248f43d393df154b5e06cb2c867707c53b89a480d7433e7fefa9d8a3f854b2b1a195b2f83755eafbeca0c51a897dca
SSDEEP

768:UWad3TAg33EzacC4Esfi7vpfM6ZHWaddlRf:cFf3PcC4EwiFnf

Score

7^/10

agilenet collection execution spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

06d8a1accf0a9b34aaee3e1ec50552f0.exe

Resource

win7-20240215-en

agilenet collection execution spyware stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

06d8a1accf0a9b34aaee3e1ec50552f0.exe

Resource

win10v2004-20240508-en

agilenet execution spyware stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  06d8a1accf0a9b34aaee3e1ec50552f0.exe
- Size
  
  97KB
- MD5
  
  06d8a1accf0a9b34aaee3e1ec50552f0
- SHA1
  
  f04d0ecade66d957198bfecc301e5e91e6896189
- SHA256
  
  538d1dcf99d55168d325f67d6032c5167aad3b7493aec9a44beb55076b86042c
- SHA512
  
  1b2a46e248eef8f5083b7ac35e708a587b248f43d393df154b5e06cb2c867707c53b89a480d7433e7fefa9d8a3f854b2b1a195b2f83755eafbeca0c51a897dca
- SSDEEP
  
  768:UWad3TAg33EzacC4Esfi7vpfM6ZHWaddlRf:cFf3PcC4EwiFnf
Score

7^/10

agilenet collection execution spyware stealer
- Drops startup file
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Reads WinSCP keys stored on the system
  Tries to access WinSCP stored sessions.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Credentials in Registry

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

agilenetcollectionexecutionspywarestealer

behavioral2

agilenetexecutionspywarestealer

© 2018-2024

Terms | Privacy