Extracted

• • Target

    Prueba de pago 7564545.exe

  • Size

    1.3MB

  • MD5

    7741e296fc7876e2cf35e44ba4264f47

  • SHA1

    265bb706ee04a4d3b6f23c87873bc7d5202c0de9

  • SHA256

    938a507f1786d7badcc95dca38a1d9bdb78984b051a68a7fd70a1b872b36a2b2

  • SHA512

    1caa387ded8ec1431cceba2def2abfdf53883fdb2c300d8a64de726f35e0a28f0036c29f0f2d894fcdcff6f6bcb6f827124ca6ca7419fa24d212d84ec5d21ffc

  • SSDEEP

    24576:99Q0lIVTRJRqhx+pF/GMvtfc+DBy/U77VaaG8uosbrDqa1VHWTcSdmWDxbLn/ohK:LQ0lsRzeMp8MtftD4M77YoOrDX1l2xb3

  Score

  10^/10

  agentteslakeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Loads dropped DLL

  • Reads WinSCP keys stored on the system

    Tries to access WinSCP stored sessions.

    spywarestealer

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of NtCreateThreadExHideFromDebugger

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  behavioral1

• • Target

    $PLUGINSDIR/System.dll

  • Size

    11KB

  • MD5

    b8992e497d57001ddf100f9c397fcef5

  • SHA1

    e26ddf101a2ec5027975d2909306457c6f61cfbd

  • SHA256

    98bcd1dd88642f4dd36a300c76ebb1ddfbbbc5bfc7e3b6d7435dc6d6e030c13b

  • SHA512

    8823b1904dccfaf031068102cb1def7958a057f49ff369f0e061f1b4db2090021aa620bb8442a2a6ac9355bb74ee54371dc2599c20dc723755a46ede81533a3c

  • SSDEEP

    192:PPtkumJX7zB22kGwfy0mtVgkCPOs81un:E702k5qpds8Qn

  Score

  3^/10
  behavioral2

• • Target

    $PROGRAMFILES/Sipidity/Abbelone.Non

  • Size

    379KB

  • MD5

    8ffd3dc77df5129c5bc55b200180a23a

  • SHA1

    1e771655920433a43066695e37e729c9e0fda16c

  • SHA256

    b59da9367f18e87776ea28287bf0e1c853321e6305579600c3a223ae4f6cd1f7

  • SHA512

    f5053b9a70157c933fb63c76749c18ebe2c9e8d7cc278006cc27a29a4e797f48b8e8cf23d421933bbd748043f22e4979afec82d2a74eea33ea20ef1a7dc0ef32

  • SSDEEP

    6144:cEKnB9gtI7ZKaGHR5DTFtn++0l6XM4DEUfRU4BRYhGGnnrry3VE/sGizIEOn0:UB9a4ANTFAZHOXRUp00ry382cx0

  Score

  3^/10
  behavioral3

• • Target

    $PROGRAMFILES/Sipidity/Glissette160.pri

  • Size

    569KB

  • MD5

    b16b23028c62ff07ac3b29f2c2ab80ea

  • SHA1

    e1151fdbf119b9509f8ca1c689eea7bd209adb74

  • SHA256

    fd29fdfd5ca0ffb10ef0e32d14adf26781ca61b58c954ab3dad8ce77c9b8fffe

  • SHA512

    c91dfe16282f99d1c9ad3084e43e61ef3fd27dd3a4ad3ca5661f771a6827209f631ef32023d091185c02b46bbe2726c7af8fac2179da57aa34b4af1d6ae8a5a9

  • SSDEEP

    384:2hcUaHIbJei0BlEy8m7f7e9yqjxs/xg9+dHm4jI87BD5A6zmdvj3wQTSdJG0nPZi:2KUd+lA9vC0+Bm4jI82jvTyNH8CA

  Score

  3^/10
  behavioral4

• • Target

    $PROGRAMFILES/Sipidity/Habilitetskravs.mac

  • Size

    1.3MB

  • MD5

    365587e565ffe65a052c52094e23475a

  • SHA1

    5ebc6f9af7ad9d2514cdeed56f718dc884e9545f

  • SHA256

    a127ed231db08055f2b644baf4f054800590a572af0f154b8c49259505a774c1

  • SHA512

    5f7ea78e0fc663cb067484e8ee07f417b9641536fd3ab49e87620931534dcafd0ca6e7928b441286ea73fed3658f4f9b2abdaf10798959db9be890aceb340231

  • SSDEEP

    768:iaVHwdeFqUyYEJQFfYweTvijMuHo6ysWmu/1cy6Nu9D:z

  Score

  3^/10
  behavioral5

• • Target

    $PROGRAMFILES/Sipidity/Implausibleness.kna

  • Size

    781KB

  • MD5

    bbbbb569bc7afe71f73ec0f610de9a2a

  • SHA1

    630a85e1c662dff1c438ab4d9e9744dbf5de4cfc

  • SHA256

    a112883b824b3a4bda4fd1a55d8f2ad7d0adeab738e835ff3a4fcebb698b1b3c

  • SHA512

    365a5fc1ff29fe5be4d64933bca42ee80dbced122bcbf9e5dabd967bf32e531dec2942323a2f5f4777d76bec669d3e2d083264b44512b17c1c6e967d97fbdc90

  • SSDEEP

    768:I4pozp0G1YLfbhToMsdRnyMQqGONyEqYK:

  Score

  3^/10
  behavioral6

• • Target

    $PROGRAMFILES/Sipidity/Pensumkravenes.for

  • Size

    978KB

  • MD5

    b0b13ae9d8897a8231e74007c9d7db80

  • SHA1

    443c9399fd6ab3c332c52a7d0c6a482ada2443a3

  • SHA256

    f479b7e7ed0353fa7e183e1b1fba5b7b95484b51d7971ed7eb6d01e0492a9a1e

  • SHA512

    9dcc6143611bfe35c42df9666fffa3fb12411741debfbe2e993668cb2790ee604692a3c20f76bce1232fa5672e76652a7951572a7f0dbd4b2f896a07aed102c5

  • SSDEEP

    768:fi/T7zHHHQk3z1bOg++EAJ3F8XLJ2UVgtI6rB3zs4Si:

  Score

  3^/10
  behavioral7

• • Target

    $PROGRAMFILES/Sipidity/Serotype.bra

  • Size

    1.1MB

  • MD5

    788a0ea757db5f0cca441b35b86ab49f

  • SHA1

    ce77750d223ebee596ddec0ff67c59ea65f2fd51

  • SHA256

    983c7c45194b4e810c55cbcbb1bb896ce64572990a5c66f14f81da52e6c331cf

  • SHA512

    2d332a50db7964273da4f617ebd0dee020052d7e8d1295e3ac1ca24199f63bb69ebccdf28a3226ba75f3d5012ad9a552ac7ae6f880546b0213c36e1ac33e0e15

  • SSDEEP

    768:8VoD82gnx/anBur6Y9V9j7TOMe3ma6z0Sxo:Q

  Score

  3^/10
  behavioral8

• • Target

    $PROGRAMFILES/Sipidity/Underholdtes47.txt

  • Size

    556B

  • MD5

    973e365a62d5391af00688295883c0c0

  • SHA1

    2d73c1e8d7fa952a23414bedf06a592e14ac1306

  • SHA256

    b70b16770127e330eac0f63c41313ed430b56c5392cace7e7f27f89bd4d68960

  • SHA512

    85f6e5be3d5371b671a6006257ab7c575cbaee4e1c9751385ec6f6d1070637ee9bd22517e2a425efa04357b027a724c6009c32f45637554c2dd221ccb22d4ba6

  Score

  1^/10
  behavioral9

• • Target

    $PROGRAMFILES/Sipidity/daabsgaverne.tri

  • Size

    716KB

  • MD5

    1f56c811f6ae220a2e5ade000713ab4f

  • SHA1

    28935dc6cc864747158a45d1d0628cdfd5bca32f

  • SHA256

    e2b228c45af0461d9e79943a4deab737313b5a5603314189e7712ba6010a16c3

  • SHA512

    76dcbd7c7adaa164dedc2cc069525895b56df9142e31cd1c004bc8f902351708a26058c6b1d1d4f3ee52e90bc569d4bf668688ef1477081f640307697658ce09

  • SSDEEP

    384:TS3JofUvOy20qCdDSVNRjEBz2DYNyqdgA/+z7uzfMw33EPwP8oFUWR5kxvhELXoK:TSOf/VjuKzsfWM1eMgqLab/

  Score

  3^/10
  behavioral10

• • Target

    $PROGRAMFILES/Sipidity/drees.vel

  • Size

    851KB

  • MD5

    9d642655cc7f7843fbe7e6e67bca0f10

  • SHA1

    5d3f6c9a1e55deed2bbacf6bdf543c011ff946a8

  • SHA256

    c2afa4a6d961d8fbbd18c6506ca7b1fc8389685ccb759c2ecf674517d04db411

  • SHA512

    15a15c956afb21e33bafa068c907ed94ff9fb6563963ea9b306601a83d9cec3c8d042c9cc4e6e5808e49f0407d0f678907f7c4dae10137d5a6c3f98de5c35d18

  • SSDEEP

    768:MEsNknz1VioLkquLlMJcAQttU0v8yymSg:m

  Score

  3^/10
  behavioral11

• • Target

    $PROGRAMFILES/Sipidity/efterspor.gro

  • Size

    800KB

  • MD5

    8bd3f314642b9799e7e69e9fa65e01ec

  • SHA1

    8067a71810723d6159b52ba32511876cc03f8690

  • SHA256

    f81774c7cc63065a02e88cf2104606470689996c046cea295af353471f32358c

  • SHA512

    5be195975fa783b9f6749cc9213e098a42c1645ed1d95d3622c96e8fd2392b6f3576f5d640d6b0f737a98eb5bc92812b10f98bc986c7138c52f1aa94a9bac733

  • SSDEEP

    384:VF4L755cctjxX/oZuMuE1wJpeH4a+EOn2yII4+8KkcpvFM11UBz9xDI6ggypzZpJ:74lti2yO/Wkko6SPEZpDlCsXP8+2FZn

  Score

  3^/10
  behavioral12

• • Target

    $PROGRAMFILES/Sipidity/flotillens.unc

  • Size

    1.0MB

  • MD5

    10d00fa45451b8ad26f9cb026c7fb075

  • SHA1

    ad509f8d1d07e6968f297bb2b3390c29ce835772

  • SHA256

    c2b7e5722b06153e65347395c89d55b138497c5430b171479d34b15d1da54a38

  • SHA512

    f42878c387619819f55c87f926700994b1addf3808088ae29230809acb4a85ebfdea17283a371e859686fbd1e1512f8727e22e3320084cc946b52f0d3718fdd8

  • SSDEEP

    768:hiwNKvh2Q5geMAoaMtixU7yrRhmMxdvx/EJzOiWNahYOr:f

  Score

  3^/10
  behavioral13

• • Target

    $PROGRAMFILES/Sipidity/fremgangsriges.xan

  • Size

    1.3MB

  • MD5

    414f6e061404bf0e358aa87f7be445ad

  • SHA1

    c80a9985c82e5fbe6802f245f7cbf8a744ab777c

  • SHA256

    2817608230a049631c4596ef8e156af5aead802f413a477b818fb73e4c96f7c6

  • SHA512

    c3925ce130dc2efd4cde7fe80054111770dd10d92367ddee8f2d79028c5e83026992ac1939a5b62ac92cd8befca05ce7d1907eed71de331b046da49e80986c01

  • SSDEEP

    768:dZBWj8JkMYf12wrYVRnJYIQ87Z0H85U+e9fsiWTlLZv70pbqmn8l5erREpe0v2w:

  Score

  3^/10
  behavioral14

• • Target

    $PROGRAMFILES/Sipidity/gasslangerne.con

  • Size

    1.3MB

  • MD5

    52e1314bba7bea9584d6df6aa0a7560e

  • SHA1

    b315576fe70ab16bdf946c47151f5a658d988860

  • SHA256

    3d5141ffc8bb01c2c4e91594f89f3ef1cdb3b504a6e5f2124201f4789d574bfe

  • SHA512

    2fa92a70fb4c8a146608f7ab9cfed7e9ee794837acee0a41435aa869339ca6033376f6640286d48939e9a2841273e807a563d5bb493e0aad1f8fe39891dc03bc

  • SSDEEP

    768:4rnuQrjvSopHklBJUcC+FihxLL12LH8at0wWj46CE7z8Ql6Mhlt046Tw3:Z

  Score

  3^/10
  behavioral15

• • Target

    hacking.kon

  • Size

    1.2MB

  • MD5

    f4f2d547835ae8237a263596b4f017ae

  • SHA1

    34642fbf6c34bb2854a8a90c65630c503257adfe

  • SHA256

    0fb8ec4acb364766abb6d34045de0870b47235c3d490f0dcababa4d6a92e15ce

  • SHA512

    a5badf342d3b71178607b396860779a00fc10170ca57ada62d0b91a61e7c15f685dc6f4a490c3a670b026622662fa9df112478698a5a01053a6041932893f2f2

  • SSDEEP

    768:43dLOGdpa4/zmlTEBv4W1tBTqT35Abx2/LeqDSuo0jPZKm:

  Score

  3^/10
  behavioral16

• • Target

    infames.pen

  • Size

    782KB

  • MD5

    fe5e94035252ccf06777af0169c82c3d

  • SHA1

    234dc2f2d8406ae045158a20c6c906a014bed6cc

  • SHA256

    ba8e0ac2bce41e68c6b17d1cec5aeeaa25149d14fbc4180394becfaceaac9483

  • SHA512

    c73c06ef72fcf94b457f050b2714218863d9fd9343fa0d844cc24ec96dc74cd0283831e26f97b2983a117241c86768666d236fc1443da8eac22305a8d414385c

  • SSDEEP

    384:EiLnq9dKlSSEXNLvdxGiyZMNI5d5uTgNn74oxRJwi6F/DubXjc7wlZJWxzQxIX2z:SZlgNnbxXwNcI7MYuruWhJwfcEZ6b

  Score

  3^/10
  behavioral17

• • Target

    jambone.slv

  • Size

    1.2MB

  • MD5

    dd485522a4110360358d6ae91f34eddc

  • SHA1

    134e5f6b9823688074948c1a5ebd63464597cbc9

  • SHA256

    5d105a8628527588b12fe2dcea979fb5a9a404443d637e4c91453538e105bcfa

  • SHA512

    5c0d7de9beba62438256e81772dc281f06239e613be625cd252144d2786bb6c272f8f2fded50ba63c5a4fde8c4be601ff632abcee5b016f2af9d068397cd2be1

  • SSDEEP

    768:+uDqyvaSjq+VTtQc4sT+9/xNiq8QLI5hi+H5PyDGKkdKLKnqjyFyFlAE:L8P

  Score

  3^/10
  behavioral18

• • Target

    jenbetndelserne.kna

  • Size

    1.2MB

  • MD5

    dfc0d5391db71a00f6c77997b02db865

  • SHA1

    d8403e659ab64cfd8ed48404c740c7a851eb3042

  • SHA256

    24e534f1f55dfc3c08c4fb5c371c1df39f8c2d690ad4a815d87e88bf27cfe159

  • SHA512

    136f03bc7e58ec6f5cece9d9569c06f5dfb4a8f0636255ff73bd910cf6602b5017a4caf43948edc16f9fbbc55e9586bbc9443eebb870802f7f70356a3e8d7843

  • SSDEEP

    768:IwKo+0qdjEvlu5tUOQDG8wlsvpht0vSrjFR7NJPexw2dRNeSS//t:LAc

  Score

  3^/10
  behavioral19

• • Target

    karrpierne.ndl

  • Size

    1004KB

  • MD5

    93b8451735e0a5a484c92d7e61a33092

  • SHA1

    d0b605467fb883403050a5c0b62f7e9ea3173335

  • SHA256

    b8f37a66eb4f86e06cb14e1d42855a9fb13d8bd6a8a50951a0cb9ac282140610

  • SHA512

    51458ec61228c054b7738999d8c847aecc35e3ee89b502088a12d05ad451337cac9521ee2340b59472615d125097f48e88d210600a85d76dcac1ba4116036d60

  • SSDEEP

    768:Rwz+zBVbg0apAundzXmELLtSkGW2ZUr9gdlMp1HB:

  Score

  3^/10
  behavioral20

• • Target

    omdbte.man

  • Size

    807KB

  • MD5

    e9f3e6a087f52e4294656f594a3f7ee0

  • SHA1

    47b0b018fbc44abdc52855d4b2161c731aa7a29b

  • SHA256

    1225442df9089fa099d1bb15fadc28747cdb15ebd2a69ec323ecdca8d7552f77

  • SHA512

    e8f55ae1c1b74900cf05dd8e0def424ef1eb9a1bc4d54adfcc47ac6ddbd137a582e6a985cf6b31b16345a61ff6aeee80a158e77c00d896a9e3fdfd9fe8654221

  • SSDEEP

    384:gvHXnCWAicZixoyaDSGDwWN/4lC/L6sknp+g/IZpmTjFi9S/hmMIH4P0hxaNnDTI:vzZMV3MZZp2jL5Voh630Q1S1

  Score

  3^/10
  behavioral21

• • Target

    politicious.pol

  • Size

    608KB

  • MD5

    be56792fd12b04d2f5d2e5c32a1bc1c6

  • SHA1

    5c219987bc3208b97a9f947936b1eb1942100bb7

  • SHA256

    84ea2e34091f29dfc86426a59237c165c92353319fe40e4c7583659ba891905f

  • SHA512

    913f5375179f071b6fffcf82bbed09bb148cb7c799a42d81e130ed710e1155b954e53c8fb1eddd9849ccbdef153a81d7976454325642c33142e6078bfa46516f

  • SSDEEP

    384:92Zjplg0ISuwy3Zuy9kHCewVHD5scy6gHdoIBJpYKCQN4o8SJguQjrPUy4P7cUmG:ceUXMlypHuIBJt/NFlgvuhm0Wy

  Score

  3^/10
  behavioral22

• • Target

    romtoddys.ant

  • Size

    782KB

  • MD5

    a2278fd6d3bfbe23e08a9269072d46b5

  • SHA1

    3131fb3cb2056d9811eb5507f723749fa7171b19

  • SHA256

    5e3625ab8fadedbff833f06d09684b096e2da44d5eb9b910657b1b7b64018c3f

  • SHA512

    2491366553ca4c55d9cdc8439f1a6a83840c08c0fb49df53e75a20d2f7c716222400bb59617927d2417919144ee99b139c610c1a94c519d38ef838860c87d674

  • SSDEEP

    768:XxP7ykaTIUDn+MQcg5r9WTtY3XbH0Yes9cuqLhXNvX1goLkB:V

  Score

  3^/10
  behavioral23

• • Target

    sejlet.har

  • Size

    1.1MB

  • MD5

    2577989c744a5faf3de267bbb98b71fc

  • SHA1

    c42a807b080ee167534121233798bc8522bb4cbe

  • SHA256

    c843cd11e46c17b12248034ed527e61d71d96389d8930664692be5e933a386d2

  • SHA512

    4711f98054fa1e7f41787f85744f9ca12f02ecb9218c9a0165bf9baa4e014eb5ae213fa90955e2379ecf7fdfb834761afe7bc948763e94ddd9ce331a8cb841ac

  • SSDEEP

    768:xuSi6GN/AkZN40L3QtSm0z9RNRwH9FSlBK0WjmjvGZ+mR8m:

  Score

  3^/10
  behavioral24

• • Target

    transversion.bos

  • Size

    1.1MB

  • MD5

    5c70852b4d40b6e5fccac49ba430eed7

  • SHA1

    a8b572ac3ecabe4dfc89de3d7aa6d7f96becdc90

  • SHA256

    c4305f4607cdf33fd7ce0b01b63831d8e65661411cd8418961f2384fe76b6293

  • SHA512

    03c01fd70896c6b47945d2c664e316d5e42422db263bee9e007ef47b8b7b6f3ad0fbc332c23263e96e73e9c50fae20a2efe7b7529ead7d683820582d5c959008

  • SSDEEP

    768:gL67CCKmc8XHE6OozPMEhGZj3KobdjyprLX6blHK:

  Score

  3^/10
  behavioral25

• • Target

    uranographic.res

  • Size

    1.1MB

  • MD5

    00622ddfb84acf3cf063141ad61f9f20

  • SHA1

    3df0833833179f6edbd1349dffaddec1e27f9336

  • SHA256

    3422723529fbf6eea2ef2bfeb7b5dcebe7a2dab99b26f38a11565aedeedb2652

  • SHA512

    d5d5e0311fc1dbdae8467672159a730e759adf429a5f0164bbe93830525aadd9ad98537da18355e0b9743c74af7dd3e7ba66af6bd6e4fcaeb428c566943f5c73

  • SSDEEP

    768:BpdUWxQ0dm0Pu4n6v7RLSaMx69VlGL5z7uf8Qjt5HEHI/ts:

  Score

  3^/10
  behavioral26

• • Target

    utjenstdygtiges.ind

  • Size

    1.0MB

  • MD5

    42dfbd7cb9f3f876433dd73f6ff4649f

  • SHA1

    f6b410130cd2b16106df4f78685516e56e66a168

  • SHA256

    32db6dcfce079f0da6e40e016e910ca7514388dc48e79b582ac7807fb2a208ce

  • SHA512

    ce9fe6579557b4cade47968493f7bcc1ef946bf39d6520fcd5fdac5dc60a420b7c498c377ba6e49d5528190f81e9f25aa117f2869eccc903538b9f8265c6c4bd

  • SSDEEP

    768:IsuP1G/8wTY43Cwd5PQRZGM2YX2QSz+DEUqBd3PhMRz:I

  Score

  3^/10
  behavioral27

• • Target

    zapp.bes

  • Size

    821KB

  • MD5

    78a9fb6379593ce850e775d09a051872

  • SHA1

    d79b61fa61c238d11cbfd421552f87653bacb7be

  • SHA256

    4ffa51e577926ba9a4a6e00e941cc3af19beca87b86c7354d15bc391da28562c

  • SHA512

    4a6d2c8f5f889a9d9dd7f14df67a0e8813b3a66e4a6d265f31706d8860909b62e8d61e66b916bed2dff1f4716f8905445acc531c3b2d2b99bc76c6d22cfcaa40

  • SSDEEP

    768:7NZcIq7UYSs1eaVExIjfYseU9aIPnnqSj:

  Score

  3^/10
  behavioral28