liamhugox.exe

General
Target

liamhugox.exe

Size

23KB

Sample

210121-v93y4ykglx

Score
10 /10
MD5

bf36c3069116a3da50f1064adfdd155a

SHA1

cbb6f81f80e270ca89059eb96aab393f7b513044

SHA256

5d555eddfc23183dd821432fd2a4a04a543c8c1907b636440eb6e7d21829576c

SHA512

8c557a6943de45b1405405dea568a726eaf6f7b4874b0b93efaba467f3454bf68f674bb52d2c5e69fafdf3b530bcdc57cfc53c3443f6f95b8b561508c84a81bc

Malware Config
Targets
Target

liamhugox.exe

MD5

bf36c3069116a3da50f1064adfdd155a

Filesize

23KB

Score
10 /10
SHA1

cbb6f81f80e270ca89059eb96aab393f7b513044

SHA256

5d555eddfc23183dd821432fd2a4a04a543c8c1907b636440eb6e7d21829576c

SHA512

8c557a6943de45b1405405dea568a726eaf6f7b4874b0b93efaba467f3454bf68f674bb52d2c5e69fafdf3b530bcdc57cfc53c3443f6f95b8b561508c84a81bc

Tags

Signatures

  • AgentTesla

    Description

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    Tags

  • Reads data files stored by FTP clients

    Description

    Tries to access configuration files associated with programs like FileZilla.

    Tags

    TTPs

    Data from Local System Credentials in Files

  • Reads user/profile data of local email clients

    Description

    Email clients store some user data on disk where infostealers will often target it.

    Tags

    TTPs

    Data from Local System Credentials in Files

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    Tags

    TTPs

    Data from Local System Credentials in Files

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

Related Tasks

behavioral1 behavioral2
MITRE ATT&CK Matrix
Collection
Command and Control
    Credential Access
    Defense Evasion
      Discovery
        Execution
          Exfiltration
            Impact
              Initial Access
                Lateral Movement
                  Persistence
                    Privilege Escalation
                      Tasks