Resubmissions

21-11-2024 20:41

241121-zgwvassjam 10

General

  • Target

    080a58c5f6007f47a9b5d27f594d8e5ee3245de5b2e6a9939eb4fbf6ea3d21be

  • Size

    1.1MB

  • Sample

    241121-zgwvassjam

  • MD5

    33db9908e865233cfe9b80be0e32d9ec

  • SHA1

    a9819e123671ee23fb70b7ae7175f61b0ebaeeee

  • SHA256

    080a58c5f6007f47a9b5d27f594d8e5ee3245de5b2e6a9939eb4fbf6ea3d21be

  • SHA512

    81f731d82305710eb0859a6052ae80836acc45ce1a14054e8c48a3d56d59be4addc101e8b8aa97a78899be431acd5717cd8c8c335613f8626eab878c9ad02135

  • SSDEEP

    24576:vfbP1bpFwKjl1qfQaEgdN459IX1k5o68+LG2+ODk0MXAIqs:rdNFrlsQaEgDg9Q1c8+a280lC

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

m8es

Decoy

668ruby.com

bundlecableinternet.com

principal.properties

autumnpmx.com

guiadeourobr.com

e6onlinetour.com

aireservcoastal.com

adzamstore.net

lights-touch.com

outsourcingjuridique.com

eicgmbh.com

hicapitolize.com

poikaewf.com

xn--hndmixer-9za.info

mondopeak.com

sczhuangzhou.com

treeworxpros.com

hurricanelauraroofing.com

dt-hnjx.com

letopicy.com

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    mail.yillyenterprise.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Iseeyou.com147

Targets

    • Target

      Descargas/2dc07e970dd5581d1bd22d69e454dceda70d8f87cc84757f86c094b2fdb7f985

    • Size

      814KB

    • MD5

      8b2c2a4e77c6b9eb8d65105014f634fe

    • SHA1

      12b265a19183685c13ebff8aeb0da7f891202b11

    • SHA256

      2dc07e970dd5581d1bd22d69e454dceda70d8f87cc84757f86c094b2fdb7f985

    • SHA512

      0147547c61382e1c0e0035ec962072b0372fc66e8437ebc4e8fa6a74db68e3446f2b7e98ac2431504dfd4bb4e6b79e0d04f8210372b7f44fc4c534b015b789b2

    • SSDEEP

      24576:kAl8ANFu+dldXQka7daosVjJP1AyZqKjlCqfQLEjdk45D:lNFu+dldXQka7daosVtdBZ1lXQLEjSg

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader family

    • Xloader payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext

    • Target

      Descargas/bbcc980fba33eda0491b1f7c1c1f6f2cd53a1c26ce2cf2154473263a1935b243

    • Size

      1.0MB

    • MD5

      fc904c1d19f4862ef2939e242c1fedb6

    • SHA1

      4d05a65f64f9c4c56b21847b208c797d5366991b

    • SHA256

      bbcc980fba33eda0491b1f7c1c1f6f2cd53a1c26ce2cf2154473263a1935b243

    • SHA512

      0fa97543b70e1d4c38f72cfff0cef0cdf2f61649ae17b9906ac522cdb6933e99b223d47fc0141b1dce1cb7a85bc089d8f5733f992ddfa7842b3647b3c532220e

    • SSDEEP

      12288:8BhXITnk6arPHN7uWjqsNTQ+Fq2k4G0g9v8Djz26Dq/miHyuGFAY8CaODXUsvMXC:88Tnk6arW+k288Dja68xLG2XODXHMXc

MITRE ATT&CK Enterprise v15

Tasks