Description
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Target | Advanced_Office_Password_keygen_by_Lz0.exe |
Size | 10MB |
ID | 201125-6hnhnm4yds |
MD5 | 70f9b5c874247767818d2de02281fd41 |
SHA1 | 8ac47bc638e30e42ac84e7e3c7fcb671c9c7b308 |
SHA256 | c6891f5d4c1d15cf0e820198cd140abd64106758dc19968a9b519dff85c5ec93 |
SHA512 | be9cf6c81c5e2215ba09de022645ac47ddbc27685ccbf1b7da196306fa88ad6e10f5ddc0c456e46914e52360d337fcc962fd406889acf492e2c1e4b2d83706a6 |
Family | azorult |
C2 |
http://kvaka.li/1210776429.php |
Family | smokeloader |
Version | 2020 |
C2 |
http://naritouzina.net/ http://nukaraguasleep.net/ http://notfortuaj.net/ http://natuturalistic.net/ http://zaniolofusa.net/ http://vintrsi.com/upload/ http://woatdert.com/upload/ http://waruse.com/upload/ |
rc4.i32 | |
rc4.i32 | |
Family | smokeloader |
Version | 2019 |
C2 |
http://10022020newfolder1002002131-service1002.space/ http://10022020newfolder1002002231-service1002.space/ http://10022020newfolder3100231-service1002.space/ http://10022020newfolder1002002431-service1002.space/ http://10022020newfolder1002002531-service1002.space/ http://10022020newfolder33417-01242510022020.space/ http://10022020test125831-service1002012510022020.space/ http://10022020test136831-service1002012510022020.space/ http://10022020test147831-service1002012510022020.space/ http://10022020test146831-service1002012510022020.space/ http://10022020test134831-service1002012510022020.space/ http://10022020est213531-service100201242510022020.ru/ http://10022020yes1t3481-service1002012510022020.ru/ http://10022020test13561-service1002012510022020.su/ http://10022020test14781-service1002012510022020.info/ http://10022020test13461-service1002012510022020.net/ http://10022020test15671-service1002012510022020.tech/ http://10022020test12671-service1002012510022020.online/ http://10022020utest1341-service1002012510022020.ru/ http://10022020uest71-service100201dom2510022020.ru/ http://10022020test61-service1002012510022020.website/ http://10022020test51-service1002012510022020.xyz/ http://10022020test41-service100201pro2510022020.ru/ http://10022020yest31-service100201rus2510022020.ru/ http://10022020rest21-service1002012510022020.eu/ http://10022020test11-service1002012510022020.press/ http://10022020newfolder4561-service1002012510022020.ru/ http://10022020rustest213-service1002012510022020.ru/ http://10022020test281-service1002012510022020.ru/ http://10022020test261-service1002012510022020.space/ http://10022020yomtest251-service1002012510022020.ru/ http://10022020yirtest231-service1002012510022020.ru/ |
rc4.i32 | |
rc4.i32 | |
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
PlugX is a RAT (Remote Access Trojan) that has been around since 2008.
Simple but powerful infostealer which was very active in 2019.
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Modular backdoor trojan in use since 2014.
Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
XMRig is a high performance, open source, cross platform CPU/GPU miner.
Detects ServiceHost packer used for .NET malware
Office document equipped with 4.0 macros.
Detects executables packed with UPX/modified UPX open source packer.
Detects executables packed with VMProtect commercial packer.
Email clients store some user data on disk where infostealers will often target it.
Infostealers often target stored browser data, which can include saved credentials etc.
Looks up Uninstall key entries in the registry to enumerate software on the system.
Attempts to read the root path of hard drives other than the default C: drive.
Uses a legitimate IP lookup service to find the infected system's external IP.
Bootkits write to the MBR to gain persistence at a level below the operating system.