Description
Agent Tesla is a remote access tool (RAT) written in visual basic.
0x000400000001b711-2723.exe
286KB
201125-9877esbt9s
75ea3fd13086e51a3e2833263dc726cd
9f27dc43612b0d5a7d4dbef527b4dbd042957e57
43929c8548157f399526e8318e42e34f78055b22bb4b3e6e83ab58f63d017f44
54941d724da104089b48af4eeb0b4491868d2910044fc29362f6093160f640941739922fc02fcd831a8885584125497023543f482b87add6f0f343e7f67e3b9f
Family | smokeloader |
Version | 2020 |
C2 |
http://naritouzina.net/ http://nukaraguasleep.net/ http://notfortuaj.net/ http://natuturalistic.net/ http://zaniolofusa.net/ http://vintrsi.com/upload/ http://woatdert.com/upload/ http://waruse.com/upload/ |
rc4.i32 |
|
rc4.i32 |
|
Family | smokeloader |
Version | 2019 |
C2 |
http://10022020newfolder1002002131-service1002.space/ http://10022020newfolder1002002231-service1002.space/ http://10022020newfolder3100231-service1002.space/ http://10022020newfolder1002002431-service1002.space/ http://10022020newfolder1002002531-service1002.space/ http://10022020newfolder33417-01242510022020.space/ http://10022020test125831-service1002012510022020.space/ http://10022020test136831-service1002012510022020.space/ http://10022020test147831-service1002012510022020.space/ http://10022020test146831-service1002012510022020.space/ http://10022020test134831-service1002012510022020.space/ http://10022020est213531-service100201242510022020.ru/ http://10022020yes1t3481-service1002012510022020.ru/ http://10022020test13561-service1002012510022020.su/ http://10022020test14781-service1002012510022020.info/ http://10022020test13461-service1002012510022020.net/ http://10022020test15671-service1002012510022020.tech/ http://10022020test12671-service1002012510022020.online/ http://10022020utest1341-service1002012510022020.ru/ http://10022020uest71-service100201dom2510022020.ru/ http://10022020test61-service1002012510022020.website/ http://10022020test51-service1002012510022020.xyz/ http://10022020test41-service100201pro2510022020.ru/ http://10022020yest31-service100201rus2510022020.ru/ http://10022020rest21-service1002012510022020.eu/ http://10022020test11-service1002012510022020.press/ http://10022020newfolder4561-service1002012510022020.ru/ http://10022020rustest213-service1002012510022020.ru/ http://10022020test281-service1002012510022020.ru/ http://10022020test261-service1002012510022020.space/ http://10022020yomtest251-service1002012510022020.ru/ http://10022020yirtest231-service1002012510022020.ru/ |
rc4.i32 |
|
rc4.i32 |
|
0x000400000001b711-2723.exe
75ea3fd13086e51a3e2833263dc726cd
286KB
9f27dc43612b0d5a7d4dbef527b4dbd042957e57
43929c8548157f399526e8318e42e34f78055b22bb4b3e6e83ab58f63d017f44
54941d724da104089b48af4eeb0b4491868d2910044fc29362f6093160f640941739922fc02fcd831a8885584125497023543f482b87add6f0f343e7f67e3b9f
Agent Tesla is a remote access tool (RAT) written in visual basic.
Simple but powerful infostealer which was very active in 2019.
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Modular backdoor trojan in use since 2014.
Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
Detects executables packed with UPX/modified UPX open source packer.
Detects executables packed with VMProtect commercial packer.
Email clients store some user data on disk where infostealers will often target it.
Infostealers often target stored browser data, which can include saved credentials etc.
Looks up Uninstall key entries in the registry to enumerate software on the system.
Uses a legitimate IP lookup service to find the infected system's external IP.