811d7323fa48438a743e869bdb80f7276ad748f54795bb087222d492847ce3be | Triage

Submit
Reports

Overview

overview

7

Static

static

3

b48995b40f...18.exe

windows7-x64

7

b48995b40f...18.exe

windows10-2004-x64

7

Sharing

General

Target

b48995b40f916f1ae6a1a2a5b8127f13_JaffaCakes118
Size

1.2MB
Sample

240616-t17g9atglk
MD5

b48995b40f916f1ae6a1a2a5b8127f13
SHA1

4f9741110d556f4cb7d844d268aaadc7ba6802aa
SHA256

811d7323fa48438a743e869bdb80f7276ad748f54795bb087222d492847ce3be
SHA512

d7bca5a1f89af01dc41ffd94910b2c5f9ac7ea408c0596faeeaf21b2e861bf7f7a735d5797722c3392f9341b8e70343be37c82223fef063d8aa79abf547bbfd5
SSDEEP

24576:s4TPK8m6lgMi4zVB8A+rCNGYFKbrJtgQkn2/n+De+8Y7/82C+jrGBnd8N:s4rRBlgKuA+rCNGIK5tgzn2/W+Y42FGy

Score

7^/10

agilenet discovery spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

b48995b40f916f1ae6a1a2a5b8127f13_JaffaCakes118.exe

Resource

win7-20240220-en

agilenet discovery spyware stealer

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

b48995b40f916f1ae6a1a2a5b8127f13_JaffaCakes118.exe

Resource

win10v2004-20240508-en

agilenet discovery spyware stealer

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  b48995b40f916f1ae6a1a2a5b8127f13_JaffaCakes118
- Size
  
  1.2MB
- MD5
  
  b48995b40f916f1ae6a1a2a5b8127f13
- SHA1
  
  4f9741110d556f4cb7d844d268aaadc7ba6802aa
- SHA256
  
  811d7323fa48438a743e869bdb80f7276ad748f54795bb087222d492847ce3be
- SHA512
  
  d7bca5a1f89af01dc41ffd94910b2c5f9ac7ea408c0596faeeaf21b2e861bf7f7a735d5797722c3392f9341b8e70343be37c82223fef063d8aa79abf547bbfd5
- SSDEEP
  
  24576:s4TPK8m6lgMi4zVB8A+rCNGYFKbrJtgQkn2/n+De+8Y7/82C+jrGBnd8N:s4rRBlgKuA+rCNGIK5tgzn2/W+Y42FGy
Score

7^/10

agilenet discovery spyware stealer
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

agilenetdiscoveryspywarestealer

behavioral2

agilenetdiscoveryspywarestealer

© 2018-2024

Terms | Privacy