Overview

overview

10

Static

static

3

Downloaders.zip

windows10-1703-x64

10

Resubmissions

05-02-2025 05:35

250205-gabxfatmcq 10

03-02-2025 03:04

250203-dkkqjszkhq 10

03-02-2025 02:21

250203-cs7plsylfr 10

03-02-2025 02:20

250203-csf7nawqbz 10

02-02-2025 21:21

250202-z7mdjsylhx 3

02-02-2025 18:40

250202-xbfvsawpaq 10

02-02-2025 18:19

250202-wyncpstlfw 10

24-01-2025 01:23

250124-br1z1asnhz 10

24-01-2025 00:12

250124-ag75wssjak 10

28-11-2024 02:19

241128-cr9sks1kht 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Downloaders.zip

  • Size

    12KB

  • Sample

    240511-k84a5ade28

  • MD5

    94fe78dc42e3403d06477f995770733c

  • SHA1

    ea6ba4a14bab2a976d62ea7ddd4940ec90560586

  • SHA256

    16930620b3b9166e0ffbd98f5d5b580c9919fd6ccdcc74fb996f53577f508267

  • SHA512

    add85726e7d2c69068381688fe84defe820f600e6214eff029042e3002e9f4ad52dde3b8bb28f4148cca1b950cd54d3999ce9e8445c4562d1ef2efdb1c6bdeff

  • SSDEEP

    384:6BfwcSEp9ZjKXSBIDv4dDfjlMJ7HWTHWB:efACW6Dr8HWTHWB

Score
10/10
agentteslaredlineriseprosectopratzgratclientevasionexecutioninfostealerkeyloggerratspywarestealertrojan

Malware Config

Extracted

Family

risepro

C2

147.45.47.126:58709

Extracted

Family

agenttesla

Credentials

Extracted

Family

redline

Botnet

client

C2

195.10.205.91:1707

Targets

    • Target

      Downloaders.zip

    • Size

      12KB

    • MD5

      94fe78dc42e3403d06477f995770733c

    • SHA1

      ea6ba4a14bab2a976d62ea7ddd4940ec90560586

    • SHA256

      16930620b3b9166e0ffbd98f5d5b580c9919fd6ccdcc74fb996f53577f508267

    • SHA512

      add85726e7d2c69068381688fe84defe820f600e6214eff029042e3002e9f4ad52dde3b8bb28f4148cca1b950cd54d3999ce9e8445c4562d1ef2efdb1c6bdeff

    • SSDEEP

      384:6BfwcSEp9ZjKXSBIDv4dDfjlMJ7HWTHWB:efACW6Dr8HWTHWB

    Score
    10/10
    agentteslaredlineriseprosectopratzgratclientevasionexecutioninfostealerkeyloggerratspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Detect ZGRat V1

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

      stealerrisepro

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

      trojanratsectoprat

    • SectopRAT payload

    • ZGRat

      ZGRat is remote access trojan written in C#.

      ratzgrat

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution

    • Downloads MZ/PE file

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      evasion

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks