Description
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
https://cracknet.net/last_query.php
201125-5934h8cvb6
Family | azorult
C2 | http://kvaka.li/1210776429.php

Family | smokeloader
Version | 2020
C2 | http://naritouzina.net/ http://nukaraguasleep.net/ http://notfortuaj.net/ http://natuturalistic.net/ http://zaniolofusa.net/ http://vintrsi.com/upload/ http://woatdert.com/upload/ http://waruse.com/upload/
rc4.i32 |
rc4.i32 |

Family | smokeloader
Version | 2019
C2 | http://10022020newfolder1002002131-service1002.space/ http://10022020newfolder1002002231-service1002.space/ http://10022020newfolder3100231-service1002.space/ http://10022020newfolder1002002431-service1002.space/ http://10022020newfolder1002002531-service1002.space/ http://10022020newfolder33417-01242510022020.space/ http://10022020test125831-service1002012510022020.space/ http://10022020test136831-service1002012510022020.space/ http://10022020test147831-service1002012510022020.space/ http://10022020test146831-service1002012510022020.space/ http://10022020test134831-service1002012510022020.space/ http://10022020est213531-service100201242510022020.ru/ http://10022020yes1t3481-service1002012510022020.ru/ http://10022020test13561-service1002012510022020.su/ http://10022020test14781-service1002012510022020.info/ http://10022020test13461-service1002012510022020.net/ http://10022020test15671-service1002012510022020.tech/ http://10022020test12671-service1002012510022020.online/ http://10022020utest1341-service1002012510022020.ru/ http://10022020uest71-service100201dom2510022020.ru/ http://10022020test61-service1002012510022020.website/ http://10022020test51-service1002012510022020.xyz/ http://10022020test41-service100201pro2510022020.ru/ http://10022020yest31-service100201rus2510022020.ru/ http://10022020rest21-service1002012510022020.eu/ http://10022020test11-service1002012510022020.press/ http://10022020newfolder4561-service1002012510022020.ru/ http://10022020rustest213-service1002012510022020.ru/ http://10022020test281-service1002012510022020.ru/ http://10022020test261-service1002012510022020.space/ http://10022020yomtest251-service1002012510022020.ru/ http://10022020yirtest231-service1002012510022020.ru/
rc4.i32 |
rc4.i32 |
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
PlugX is a RAT (Remote Access Trojan) that has been around since 2008.
A simple but powerful infostealer that was very active in 2019.
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
A modular backdoor trojan in use since 2014.
A backdoor/botnet that carries out malicious activities based on commands from a C2 server.
XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.
Detects the ServiceHost packer used for .NET malware.
Office document equipped with 4.0 macros.
Detects executables packed with UPX/modified UPX open source packer.
Detects executables packed with VMProtect commercial packer.
Email clients store some user data on disk where infostealers will often target it.
Infostealers often target stored browser data, which can include saved credentials etc.
Looks up Uninstall key entries in the registry to enumerate software on the system.
Attempts to read the root path of hard drives other than the default C: drive.
Uses a legitimate IP lookup service to find the infected system's external IP.
Bootkits write to the MBR to gain persistence at a level below the operating system.