Overview
General
- Score: 10/10
- Target: JaffaCakes118_3a2e31f2844df5cb91eedbf24c0b93de4b0aa08525f733132c2bce0d7ab81acc
- Size: 973.8MB
- Sample: 241221-2xpr2atjar
- MD5: 0523322523fc2607b21cf06ee2c06e2f
- SHA1: 49924c11f7b22dbb1fec51402214a4b62f0c4da0
- SHA256: 3a2e31f2844df5cb91eedbf24c0b93de4b0aa08525f733132c2bce0d7ab81acc
- SHA512: a6ca6c07ece8ad4f4c832cf40bf35e267bfc56f34d0aa252b2cfdcc75ee7fd2b9aa55b547b849820163ca48bd05c9061c76d80756427950d2e5181ebace1ebae
- SSDEEP: 25165824:cbjDAJklOVFPCJ4jMrhQVzccWZYSXn4yPPGwnSQuw:cbj8Sl66PhncWZYyWw6w
Static task
- static1
Behavioral tasks
- behavioral1: 09fe7735f742e003ace00c9884b1eb6d55c719735a1fcd207ac985ce746b008a.exe (resource: win11-20241007-en)
- behavioral2: 0a08857b3b6b52510c544f54f8b7489038e371a85db858ad3c34c4f7198da819.vbs (resource: win11-20241023-en)
- behavioral3: 0a92b6b6c9ccba573ca47718bf608715dbc87ad48afc19bf7004d8eb9bf598d0.exe (resource: win11-20241007-en)
- behavioral4: 0b1f6297e8bfa8fc9ff8a7ad85487ff456c0d66ef2d908588cd27345fba5f4e6.exe (resource: win11-20241007-en)
- behavioral5: 0b4ffb13a42cb2432b4e021c18f4b4dd51b669ba0356804ca32dac2de7741caa.exe (resource: win11-20241007-en)
- behavioral6: 0b9a6ed57e23d874bde98d89d3c50a44b3982570cb8bbf41660fad19d3fbe855.exe (resource: win11-20241007-en)
- behavioral7: 0be395d43c98fe7b2d0fff10863410665ee11ce31a10277dc03049e77661b1ca.exe (resource: win11-20241007-en)
- behavioral8: 0c046f07cd96f008a224dc272c32b52af4611cd1852d38db9737abbe3fcf9e89.exe (resource: win11-20241007-en)
- behavioral9: 0c1e5acd77d667335c59b10f7bd08997ff5bac4aeb52722fffe17c60d1779553.exe (resource: win11-20241007-en)
- behavioral10: 0d825ad1df7c2ac718991f061800e31c6ae4ac7a35516676ac0dad40b84b6037.exe (resource: win11-20241007-en)
- behavioral11: 0db3c21dec09a297e99a07ec1ebd007146adfbcb3c8f0d4a3f88868778c6aef9.exe (resource: win11-20241007-en)
- behavioral12: 0de875f11ee5d69c5b4633e3b878529f08788440f87fb3ab0cde77e698b200e9.exe (resource: win11-20241007-en)
- behavioral13: 0e3bb95b7ba92dadc59985e6b0d1a75db091d6ca03f755fca34437398217f877.exe (resource: win11-20241007-en)
- behavioral14: 0edd5342b1fc252b5164f41118b0b0e69d954772a4ec6ee14f49d15fa4ddf66d.exe (resource: win11-20241023-en)
- behavioral15: 0f4450a6b298d95d7fdd6ac63a917b1975221fe90e520ff30e9c6b0d8a4955b6.exe (resource: win11-20241007-en)
- behavioral16: 10758789ca875d9783a8988e0b0dbfd88f75a6ac0eb544b5b37241492223fdd1.exe (resource: win11-20241007-en)
- behavioral17: 11a3fde6fbce94c261cc8785856d132eccd5239e95a9129c2ba404cad58bbd96.exe (resource: win11-20241007-en)
- behavioral18: 11bb525d06957723f55934f7697eaf4c6e0437e435d3fea9f1f4a16d71cd041c.exe (resource: win11-20241007-en)
- behavioral19: 124dcea053b32060dc96c5b2901df4264837a87ea25e635e0ac76145450d9a69.exe (resource: win11-20241007-en)
- behavioral20: 13431e2ee5bc86bdc9b53f47dd2ea61912a00952a3ea8f97ea3842ad7053551c.elf (resource: win11-20241007-en)
- behavioral21: 15387da23f7465d5c4ccd137bc21d15d74c0006c7536b92afed5337cdb3e0315.js (resource: win11-20241007-en)
- behavioral22: 15938b5637e639c182992c8fdf65b8db3d461c85f6eac57044f40d2a68955372.exe (resource: win11-20241007-en)
- behavioral23: 170dc238d7e8c6f55a0aedddd2d01deb03d62e71d7da5c51f67632d2de3f93a4.exe (resource: win11-20241007-en)
- behavioral24: 17286809694b9d22325e29af4e74b2083398de0488d9a96644566c468628554d.xll (resource: win11-20241007-en)
- behavioral25: 17dadc2b105c925bb5d598789e418a9fdedac3a5a26a05fa4b77c8d82f685bb1.elf (resource: win11-20241023-en)
- behavioral26: 190ffc93d1cf8112811d0568736905e6a943cc4787fb569754ed7e15ecd2efd7.apk (resource: win11-20241007-en)
- behavioral27: 1a4383821db896055970d1358d5f3591a7b5963f93ffcca737ac94bf6972cce1.vbs (resource: win11-20241007-en)
- behavioral28: 1aa85c5026608d04abec7b7af789f3b5e28c59064733c0efdb942a543926558d.exe (resource: win11-20241007-en)
- behavioral29: 1b13d05cae0e4eac18dbaffe04a238238d6c2c2be285d825712cfbef91341326.exe (resource: win11-20241007-en)
- behavioral30: 1b9334e09c3df74ba3135169e49533c7a4d5a6c7ce090e31188e6f6a33403b52.exe (resource: win11-20241007-en)
- behavioral31: 1bcbf1dce6780dbfb1b1ad1d86f25d4b7a50063be5b4640f8939085980c4e00c.exe (resource: win11-20241007-en)
- behavioral32: 1bd3fa491c5de8cb9189ff8f86fd1a7e27a8140e3578f8fa9ebb23931550cc5b.exe (resource: win11-20241007-en)
Malware Config
Extracted: gafgyt
- 185.28.39.15:839
Extracted: irata
- https://iuskmmdm.ml
Extracted: mirai
- MIRAI
Extracted: purecrypter
Extracted: mirai
- LZRD
Extracted: mirai
- LZRD
Extracted: andrmonitor
- https://anmon.ru/download_checker.html
Extracted: mirai
- LZRD
Extracted: aurora
- 176.124.220.67:8081
Extracted: rhadamanthys
- http://104.161.119.221:8899/live-edge/nft.png
Extracted: socelars
- https://hdbywe.s3.us-west-2.amazonaws.com/sadew1013/
Extracted: mirai
- LZRD
Extracted: systembc
- 95.179.146.128:443
- 146.70.53.169:443
Extracted: xred
- xred.mooo.com
- email: xredline1@gmail.com
- payload_url:
Extracted: njrat
- 0.7d
- Brouteurs
- forthewin.ddns.net:13337
- fc4dbf906d35a96ddea0300f5b82bfb3
- reg_key: fc4dbf906d35a96ddea0300f5b82bfb3
- splitter: Y262SUCZ4UJJ
Extracted: asyncrat
- XSSYE 1.0.8
- Default
- open.imgov.cn:8443
- 91e5d29b47a7d36802e6e1151434cd02
- delay: 30
- install: false
- install_file: 1111game.exe
- install_folder: %AppData%
Extracted: raccoon
- d1d6daf7a5018968dea23d67c142f047
- http://5.255.103.158/
- user_agent: x
Extracted: laplas
- clipper.guru
- api_key: f9ff07c5a5e00d26196b3460b72ad41c90dbd24c7405de597560a9a72e3582dd
Extracted: snakekeylogger
- Protocol: smtp
- Host: mail.keefort.com.ec
- Port: 587
- Username: mojosnk@keefort.com.ec
- Password: icui4cu2@@
- Email To: mojosnkreprt@keefort.com.ec
Extracted: erbium
- http://77.73.133.53/cloud/index.php
Extracted: netwire
- podzeye2.duckdns.org:4433
- activex_autorun: false
- copy_executable: false
- delete_original: false
- host_id: HostId-%Rand%
- lock_executable: false
- offline_keylogger: false
- password: Password
- registry_autorun: false
- use_mutex: false
Extracted: smokeloader
- pub4
Extracted: gcleaner
- 45.139.105.171
- 85.31.46.167
- 107.182.129.235
- 171.22.30.106
- url_path: ....!..../software.php
Extracted: redline
- 62.204.41.141:24758
- auth_value: 76a7aa24209b18e5866f6b31583d7851
Extracted: redline
- Dozkey
- 91.212.166.17:47242
- auth_value: c06f8f31502cdaf6d673db7589189fd5
Extracted: tofsee
- svartalfheim.top
- jotunheim.name
Extracted: formbook
- 4.1
- a20e
Extracted: vidar
- 55.1
- 1636
- https://t.me/dghzq
- https://t.me/zjsqpz
- https://t.me/fqwexzq
- profile_id: 1636
Extracted
- http://20.7.14.99/dll/dll_ink.pdf
Extracted: agenttesla
- Protocol: smtp
- Host: shaqone.shop
- Port: 587
- Username: sender@shaqone.shop
- Password: qPV%6P+jrcf3hV8WFP
- Email To: support@shaqone.shop
Extracted: lokibot
- http://192.64.118.167/profile.php?id=oTWpxPBp8jPKmiIpZe60rg2knpeKuIXTCTi9JUyRdoCzHlZGz5G
- http://kbfvzoboss.bid/alien/fre.php
- http://alphastand.trade/alien/fre.php
- http://alphastand.win/alien/fre.php
- http://alphastand.top/alien/fre.php
Extracted: formbook
- fofg
Targets

Target: 09fe7735f742e003ace00c9884b1eb6d55c719735a1fcd207ac985ce746b008a.exe
- Size: 1.0MB
- MD5: 690a381d9e34389a101cc26042eb01d9
- SHA1: 20cbdf652baa00adc83670d907b14724445da0f2
- SHA256: 09fe7735f742e003ace00c9884b1eb6d55c719735a1fcd207ac985ce746b008a
- SHA512: 4d101dbd26245e9365bc8a92a4feaa122811468643b8dc9ec6bdc2dc0e53469e37bbba0912ba45071c105f01af44e3959985a56309476fdbec8c1933d9c12b52
- SSDEEP: 24576:7kr1gzNc71ZGytgGTpd0FUDJr3HbZMOBr:Qr+aRn0FUd73
Detections:
- NetWire RAT payload
- Netwire family
- Command and Scripting Interpreter: PowerShell
  Run PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
- Suspicious use of SetThreadContext

Target: 0a08857b3b6b52510c544f54f8b7489038e371a85db858ad3c34c4f7198da819.vbs
- Size: 195KB
- MD5: a4f71409b11c7a677353f1d7b3e0d13a
- SHA1: 704ec3fdb8f2ee5e39957785f0d03d5268abd5e6
- SHA256: 0a08857b3b6b52510c544f54f8b7489038e371a85db858ad3c34c4f7198da819
- SHA512: 0ed1f3d2fff28a0b7977f966b35c65ed3c3c385eecacf5b1feb38c20ecbbb3017b77b4eca584ea342be86e8e3e5baeec2dbdda3de5c85e97658cd9a4892c1a52
- SSDEEP: 768:r1wsIXCNd5dghna/lS9P0P7SFuumB/bm/:4wCGBC/
- Score: 10/10
Detections:
- Blocklisted process makes network request

Target: 0a92b6b6c9ccba573ca47718bf608715dbc87ad48afc19bf7004d8eb9bf598d0.exe
- Size: 930KB
- MD5: 53f4e52a78bdf6541e3efdaf401ebbd3
- SHA1: 9c4841f6dc393e0a197aba01e9cb8491999a6150
- SHA256: 0a92b6b6c9ccba573ca47718bf608715dbc87ad48afc19bf7004d8eb9bf598d0
- SHA512: f14c3b7c53df876eae2d1ea6e03d88d419e91ee9926334993d585f470c4a13eaa1326544de95a0ce06d3b2590461b3ef52c988c8d1bde7e56ca6b49081305300
- SSDEEP: 12288:GMY3QedajfctobEgT4FtM/e2Rw4nZu4LvJ0BPykKu2sN9nuI:GMwdwOobfT4Foe2pLBuhN9n
Detections:
- Formbook family
- Xloader family
- Xloader payload
- Suspicious use of SetThreadContext

Target: 0b1f6297e8bfa8fc9ff8a7ad85487ff456c0d66ef2d908588cd27345fba5f4e6.exe
- Size: 1.2MB
- MD5: 76f35ccb9dc8b2342d34237d041d16de
- SHA1: 25b50efad77cebcabf2969a97f31db993286d066
- SHA256: 0b1f6297e8bfa8fc9ff8a7ad85487ff456c0d66ef2d908588cd27345fba5f4e6
- SHA512: 06c98ccc3cab2175207f9f2ecc410fafc450f318ff53fc70607b346584f0cefc3377d2eadb347a1814629eb2966cc0c818e9be4fe8a3fb84664178159993fc9c
- SSDEEP: 12288:Z6xsbHodJWWMvNlg+ijLraGFdhJhVTqzEfaH/jVCLzcmI+Sec3IpCT:Z6xsbfWsXylvaEfa7wEb6MT
- Score: 10/10
Detections:
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Suspicious use of SetThreadContext

Target: 0b4ffb13a42cb2432b4e021c18f4b4dd51b669ba0356804ca32dac2de7741caa.exe
- Size: 2.4MB
- MD5: 1362efe98b360c63f8901fad9b6542fe
- SHA1: 7cee9adac7453dcf74e77a6907951916e590e593
- SHA256: 0b4ffb13a42cb2432b4e021c18f4b4dd51b669ba0356804ca32dac2de7741caa
- SHA512: 29882782ddd3ccf7f6e26135832da86ea961faefd67ddbce79945ef81f291d49051cd5fddb1cb13e11bf996697be5c542427f6aa8876c417f7ba460b50b3f7e1
- SSDEEP: 49152:Z2Yz1Y1xuKe6eF5NPw13Q4/Dof7G41kBNqrcygeCDqQ/XJ5txoJbljwjcWKVA5hq:MwWEvzo13Q2D6GmMScecqQcJbWIKDq
Detections:
- Gcleaner family
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.

Target: 0b9a6ed57e23d874bde98d89d3c50a44b3982570cb8bbf41660fad19d3fbe855.exe
- Size: 5.4MB
- MD5: 3a6af02d19a5f472a0357ccb50e5b0a6
- SHA1: 245b235c383d80ca2ae88681bf12f27bea96b92e
- SHA256: 0b9a6ed57e23d874bde98d89d3c50a44b3982570cb8bbf41660fad19d3fbe855
- SHA512: ac7dde150babc8348b963345ce330ee081978e80c1c80344a240c14cb277ba219a0189b6fbd9353a42869281e00b176021a491fdded3b456f4e9bd8638f5a8e4
- SSDEEP: 98304:xZc4ddDQkADTo0arkXDiBH9ftXnFmEuM2B4lXzqN346KNadVRvhfPqH:Dbv6UGDohFO/sY1rRJ
- Score: 7/10
Detections:
- Adds Run key to start application

Target: 0be395d43c98fe7b2d0fff10863410665ee11ce31a10277dc03049e77661b1ca.exe
- Size: 349KB
- MD5: 02a41eb01d841ddffe402fcfbb73bd0e
- SHA1: 932bdc88df3e0c3d0747ec3a53b9aaaf7365b88b
- SHA256: 0be395d43c98fe7b2d0fff10863410665ee11ce31a10277dc03049e77661b1ca
- SHA512: c6f42a2f012e320ffdb435e129bf2ab2b62bcea7af20ac10d60ccb11239ef02324845f4a74d2868a70db2715fe6dc9ff7e7c4a789e1bbdaaf3bbef07166e1773
- SSDEEP: 6144:FweEwTKu1gRtv6cWGqV/9zYTyOpMKbsAJRv31M0E2Jt:Mv6cxqV/GGOqKoAPv31M0/
- Score: 7/10
Detections:
- Executes dropped EXE

Target: 0c046f07cd96f008a224dc272c32b52af4611cd1852d38db9737abbe3fcf9e89.exe
- Size: 229KB
- MD5: f8c0a565c50b57b8ebc9c280007312ec
- SHA1: e0a90e6d88b92002c7b77dc8298cd1b98f89d99e
- SHA256: 0c046f07cd96f008a224dc272c32b52af4611cd1852d38db9737abbe3fcf9e89
- SHA512: 483f609a16c268bfb7626bd6dc7826d8822671342cad1ebdab64115863efe7a75dd13ce6ed31b3c89f691644b2a5d719d43f47994769db2c5753e34bdaedf185
- SSDEEP: 6144:wf6fRxdLyrc/quEJfylTp45uuo9qcOY7Mnh:wf6fRbGcSuEJfylTp4YuUf
Detections:
- Tofsee family
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext

Target: 0c1e5acd77d667335c59b10f7bd08997ff5bac4aeb52722fffe17c60d1779553.exe
- Size: 371KB
- MD5: 341944954703c303537b9d8aa25e5531
- SHA1: 836351bd41f31d10209d0bdab117186d86071816
- SHA256: 0c1e5acd77d667335c59b10f7bd08997ff5bac4aeb52722fffe17c60d1779553
- SHA512: 9fc832dbd848b6fba32e5beca85e7e55e385f677739ce4372d3cd76a3b05d044e1cb4edbae3fda7eadd185803359642fef50ea8691ae488d8d7dce19eca99073
- SSDEEP: 6144:Ic/RLyHWHs8c5LRMuPpucS5YUhb7jRXBsL36vAiVMaY/6V:Ic/R2HsIMuo5YUNNX4U1VM
- Score: 10/10
Detections:
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family

Target: 0d825ad1df7c2ac718991f061800e31c6ae4ac7a35516676ac0dad40b84b6037.exe
- Size: 229KB
- MD5: 5ee27318991c7dcdfea2fb99ae8f219b
- SHA1: 1490d4de2bbdb3379819aa08cfd0f0c7762b3783
- SHA256: 0d825ad1df7c2ac718991f061800e31c6ae4ac7a35516676ac0dad40b84b6037
- SHA512: 88cfef8883ed42b841563632ffd7eae1eebfb2d3e1bedda3a6794b37d559bcbaa48de979e7a77011325ea96bd36742673b8f1704bad840a938e4ba829018abb7
- SSDEEP: 3072:DNPnQxjSky4aM1woJLJVqdj98m6hce5VYytX7RMzshG3ZcOGgSerQiswun:DNPQxGNuLJVYj9hgikXlU3TDSKxu
- Score: 10/10
Detections:
- Smokeloader family

Target: 0db3c21dec09a297e99a07ec1ebd007146adfbcb3c8f0d4a3f88868778c6aef9.exe
- Size: 317KB
- MD5: fe62aba35fd5f1c6ca2c1c8be6c27ed3
- SHA1: b1912c42ae6742ee1f85be843ad3f66a45372464
- SHA256: 0db3c21dec09a297e99a07ec1ebd007146adfbcb3c8f0d4a3f88868778c6aef9
- SHA512: 2d4fedf8c40f2796539a046277ea7f8b6a514e2cecd0b630e8a3a137254a627c873684d247f9e01b53cda4cd36dfa504e9ef1e3c1ed521f9343d45d41032b92a
- SSDEEP: 6144:fhu1FLTeIjxfniZ5nr6qBgplf95QfGuYjuK2uPbcRItN:fhuXOAfnErgplf3huNuPb0I
Detections:
- Gcleaner family

Target: 0de875f11ee5d69c5b4633e3b878529f08788440f87fb3ab0cde77e698b200e9.exe
- Size: 350KB
- MD5: 36fcbb3b37a9ba63f1fa77c22297c6a9
- SHA1: 96f7e90a7949064e286c5cf6a39e40aea2f21263
- SHA256: 0de875f11ee5d69c5b4633e3b878529f08788440f87fb3ab0cde77e698b200e9
- SHA512: ce25057372e00b915f92fae2b4398af9badcec1b8f4a0a5b532f12050adb1bf2ae0657849a8f54e066fcd14cac00e3a691da5393c6c3aae23083358d3d701c11
- SSDEEP: 6144:ocLt8AYW3GpW4DW7Q74jOxdiUhtoMgJ51XPKM7MBr:ocR8TP87QIWAUhtoXJnXPKo
- Score: 10/10
Detections:
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family

Target: 0e3bb95b7ba92dadc59985e6b0d1a75db091d6ca03f755fca34437398217f877.exe
- Size: 2.4MB
- MD5: 7e5e288607447a41931025d1f79760ae
- SHA1: 4ad9a21318ce3c9150b16d1c7d4acef655eb86bf
- SHA256: 0e3bb95b7ba92dadc59985e6b0d1a75db091d6ca03f755fca34437398217f877
- SHA512: 7738b15725bab95d16f949f0dc8cc2e9b9c61936d8b3a54a932fb6dd3f0ab38bc21c8f484395eaaa2686d397e22032f6b681c3920721faa04f5663d20c3da083
- SSDEEP: 49152:Z20nrOjMNC7wlZ6+3WddBI6crIdYnX5oCmG1YQV0REpLgfNcA5hq:MAOjM4wlQCWfBINsADvV0R2gf1Dq
Detections:
- Gcleaner family
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.

Target: 0edd5342b1fc252b5164f41118b0b0e69d954772a4ec6ee14f49d15fa4ddf66d.exe
- Size: 252KB
- MD5: 130f4b6ad5c42bdb5abb4e45406cef94
- SHA1: efc55e5f2520c089bfedcc3cfcb4630f595fb688
- SHA256: 0edd5342b1fc252b5164f41118b0b0e69d954772a4ec6ee14f49d15fa4ddf66d
- SHA512: 88fdbe7ef0b3a076ebc872d5dc00fb2fa9ff827420433fc24d886d27fc5b462ba090301be042a9a3c5b31241f82b361afe8d586dd48bd5df393f39d0305d4192
- SSDEEP:
6144:XCutDb6sMMMMMMMMMMMuMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMg:yObMMMMMMMMMMMuMMMMMMMMMMMMMMMMh
- Score: 3/10

Target: 0f4450a6b298d95d7fdd6ac63a917b1975221fe90e520ff30e9c6b0d8a4955b6.exe
- Size: 219KB
- MD5: 566a30af3032ed8c2718c99a9c0d7289
- SHA1: 4d08ff905ddfdaf7f39465b9af09b6441e8993d7
- SHA256: 0f4450a6b298d95d7fdd6ac63a917b1975221fe90e520ff30e9c6b0d8a4955b6
- SHA512: 03aa457d3d68d96cdcb8a2d234fac21466bac359bc10948ac1b79222361e992d456df8ba89c8c4e0ada87da0502857a3586ed232a114db9823f13d60308526b1
- SSDEEP: 3072:UXWlLKlKMO5qI0Ac7ztrQNZezyzh91Ih3Az9Mo+ATIulLwt:QQLrM937JUNZeeFTEMuoZTIuh
Detections:
- Tofsee family
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext

Target: 10758789ca875d9783a8988e0b0dbfd88f75a6ac0eb544b5b37241492223fdd1.exe
- Size: 647KB
- MD5: 92e6f05295ae825d4f3d9982a616b98e
- SHA1: eb73f950397f919df73442f66cbd15deee931cea
- SHA256: 10758789ca875d9783a8988e0b0dbfd88f75a6ac0eb544b5b37241492223fdd1
- SHA512: 100e49ead6c63aba1470ebad85d969310741cc6d7c8d974551ffa07aa1923dec4f4153d363387328c493198ad98bf7535f2f4e138203daa3849ca28f265a3243
- SSDEEP: 12288:rYK4r6syCKHtudgQcEfCUkNNvshJGxnLeFnQ:rYK4RNKCcg1knvsh45LeFnQ
Detections:
- Formbook family
- Formbook payload
- Command and Scripting Interpreter: PowerShell
  Run PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
- Suspicious use of SetThreadContext

Target: 11a3fde6fbce94c261cc8785856d132eccd5239e95a9129c2ba404cad58bbd96.exe
- Size: 307KB
- MD5: 848cfa950baa476b7127aa42a8f8cb2f
- SHA1: 60fd5296042413a9cebb3a4952f8efa36d8d31d1
- SHA256: 11a3fde6fbce94c261cc8785856d132eccd5239e95a9129c2ba404cad58bbd96
- SHA512: 6bed8b5a08a9bfd6eb88eb4203960e6f71e348ae254877653ece37ad144d0e94d79bee58a3e1a39e0c33d0170e2e4aa1ee269224325799cbe5d8fe0b7e1a4e58
- SSDEEP: 3072:sXqhLZd18O5PcsUpbfxaBytteEd8mGkhXhSSOxtzIZ9dKfV0DgR84+5sm+t904:ooLZ84csYaBk/hXgSOxtodKuDgRTX
Detections:
- Vidar family

Target: 11bb525d06957723f55934f7697eaf4c6e0437e435d3fea9f1f4a16d71cd041c.exe
- Size: 222KB
- MD5: 80c18619e17ff0835fd578aed8422e4b
- SHA1: d82dd7c61eede169f542f89b2fce22841345c1a1
- SHA256: 11bb525d06957723f55934f7697eaf4c6e0437e435d3fea9f1f4a16d71cd041c
- SHA512: 25b0946140fe0de5eda34f67089a6bb39827fdd421853edaca55cfa5cbcd199430c0c85dda90b0e225793c1a70708eb7ec8175fed6176f174becdf522ed22584
- SSDEEP: 3072:BSnlmJpEgXKnlL0EAhoTwN6+k5P5Ykc7Dh2N/qyGqPBBu5YGLTuUO/BcCp:BSYULyNczcp2F1HsYG/VO/BcC
- Score: 10/10
Detections:
- Smokeloader family

Target: 124dcea053b32060dc96c5b2901df4264837a87ea25e635e0ac76145450d9a69.exe
- Size: 732KB
- MD5: c5e02c378a0ddbc62c4172830947e97d
- SHA1: d0ed805d5b40454a091f233d0c1d9b29ec64c515
- SHA256: 124dcea053b32060dc96c5b2901df4264837a87ea25e635e0ac76145450d9a69
- SHA512: 97a79a56be88085ab2402e4a7474afa344e1eab45108429f2e80de7860da04a97f04220496602d737b9523c854b9c1c24895329d85eb962101b90c19cced5d79
- SSDEEP: 12288:oy10PPJaxEOCf5lpLR6AlAaXjxmQpunxdk9dmhbbE8QUuQZ60sSj:kTxpcxdPtbE8Duu60sSj
Detections:
- Snake Keylogger payload
- Snakekeylogger family
- Command and Scripting Interpreter: PowerShell
  Run PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext

Target: 13431e2ee5bc86bdc9b53f47dd2ea61912a00952a3ea8f97ea3842ad7053551c.elf
- Size: 96KB
- MD5: 9a44a623c0b3bf86f337244a492bb849
- SHA1: 14e27701d655f430048e92a429926a5fd8abf362
- SHA256: 13431e2ee5bc86bdc9b53f47dd2ea61912a00952a3ea8f97ea3842ad7053551c
- SHA512: 5b2337ffe4a6089621586544bba4fd1809e9b113b05566be1326a7b733571332ecc5241ef9bcaf81cab91a34dfd73318df2987781cfb4c3d78311a21a0bbc321
- SSDEEP: 1536:7QQfckMzQzgv9OtAC0QptczD3z+FavgfTXvEmL49VqFjtUfkjX:7xH/JFDtczD3m57vEmU9VqFBUfkjX
- Score: 3/10

Target: 15387da23f7465d5c4ccd137bc21d15d74c0006c7536b92afed5337cdb3e0315.js
- Size: 100KB
- MD5: ed9d1e4c580a9f92815d0cbf00b47b20
- SHA1: ccc8533cc8fd804988c75f9ff827192bb98dab3b
- SHA256: 15387da23f7465d5c4ccd137bc21d15d74c0006c7536b92afed5337cdb3e0315
- SHA512: ae543bb540190d4e799cce94f943526ca60d1b8376413dc8fb66251f567087ffaa8ebaf4e67761c51b098c538e0da937e8b65859f968bc58908b9899fd0b24b4
- SSDEEP: 3072:9F7D4Y+Jk9olJaXvY96bal9BtNe66WWtUrcZtXGD23VMJFB:9FniHKYIOB
- Score: 8/10
Detections:
- Blocklisted process makes network request

Target: 15938b5637e639c182992c8fdf65b8db3d461c85f6eac57044f40d2a68955372.exe
- Size: 229KB
- MD5: 83fd029a3fbe2efc79f203479a4c21e6
- SHA1: 4290032c569c5eb64d7ebd4c50ef36f01f08dc27
- SHA256: 15938b5637e639c182992c8fdf65b8db3d461c85f6eac57044f40d2a68955372
- SHA512: feb38390727625b364246e17217501b090d4bec00e131043887a5e7e74e9a4caa9b300fa67ed393504aacb62dd7284a471bd747ca6b2b1057b919e6d284d7c17
- SSDEEP: 3072:GS6n5Yu86fFYNLLS8sZDRw6Cv5NOCr9YBVBNZ/IxwTGHFMtFiRiU4A:GS6uaYRLS82DKL3OCrEVzZ/IAGlmFtU
Detections:
- Tofsee family
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext

Target: 170dc238d7e8c6f55a0aedddd2d01deb03d62e71d7da5c51f67632d2de3f93a4.exe
- Size: 1.2MB
- MD5: 749fd58dcffee43317d573fbec8eaddf
- SHA1: 08964a5cbccfe8460fdbd126004ffdd6c81a1121
- SHA256: 170dc238d7e8c6f55a0aedddd2d01deb03d62e71d7da5c51f67632d2de3f93a4
- SHA512: 357eb5dcdaa4aa2249d8a1937cae7c8d362466d63fcbe8232cdf8c561623ee7470ae9f4601090dffb3b41545a032d63fcaba504a0c3c1bbaba579c1333b3f09f
- SSDEEP: 24576:XAOcZ9OUVm7BVha9TlEkqIMMvBwA2MNxjFJ7oHeWXL7WY:pC0klEkTMMvZx9+7WY
Detections:
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Agenttesla family
- Executes dropped EXE
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext

Target: 17286809694b9d22325e29af4e74b2083398de0488d9a96644566c468628554d.xll
- Size: 551KB
- MD5: 8c3611f6e56cb6edf445374ba7b8d6b9
- SHA1: 15b32a9f730e1828193ed0f0bc09aa150d66916a
- SHA256: 17286809694b9d22325e29af4e74b2083398de0488d9a96644566c468628554d
- SHA512: 71954f7e5fb770ea06f97d78fb0510cf2f638f6afc5c0555c62c1b411ccded1a487903a284c0e7921beba0de019995877d7f7f518f39559f72e445e2cb53c89c
- SSDEEP: 12288:Yn/zjvGHAykHJRLW/4+8bzbBSreM3pqZGDxK:az7GHAzH7jX1GFx
- Score: 10/10
Detections:
- Loads dropped DLL

Target: 17dadc2b105c925bb5d598789e418a9fdedac3a5a26a05fa4b77c8d82f685bb1.elf
- Size: 26KB
- MD5: 1c9847187417b3862a8bb18705951f8d
- SHA1: eed2e1e9134b783f8e2cc5b25de151fdcf1d3d7f
- SHA256: 17dadc2b105c925bb5d598789e418a9fdedac3a5a26a05fa4b77c8d82f685bb1
- SHA512: 59374fcc66d8d805a13b9b076001600df03049ea87c7f6c0468779352f4475c151048a1797b0842058a0543c52f5dbef57c0da3f6a3fcdf558f8bdfd614f0f81
- SSDEEP: 768:eMKyhegCCMqf2ExRIIOyF+Hx42gU99k9q3UELuZ:NKy4qf2XmFYaqNLE
- Score: 3/10

Target: 190ffc93d1cf8112811d0568736905e6a943cc4787fb569754ed7e15ecd2efd7.apk
- Size: 25.8MB
- MD5: eb89d696dd5f7922b4c49db6585a69a0
- SHA1: dc70bebb49ea7e0d85c45b206e4a557891e7e122
- SHA256: 190ffc93d1cf8112811d0568736905e6a943cc4787fb569754ed7e15ecd2efd7
- SHA512: 433df9feea2ee58701bf51d4db69925c0471b9361016a8a095a5bc76c2cff06834ad1dd5a1dea6d7e700c75ffea5108c472e6db2870184f69d9812d08b44c8cf
- SSDEEP: 393216:/q1j7QtsfFZWOHhlFXRdTKosUBU+X8UPNwhgcCgBj8aCyiPJeq39YSpv:iB7Q+fVtGGBNCgeB4aCylM95pv
- Score: 3/10

Target: 1a4383821db896055970d1358d5f3591a7b5963f93ffcca737ac94bf6972cce1.vbs
- Size: 554KB
- MD5: a4afe82ecf3940b8363d806604bc37a6
- SHA1: 8d44d22cbe509b8f5662daf586e8de5446089ec9
- SHA256: 1a4383821db896055970d1358d5f3591a7b5963f93ffcca737ac94bf6972cce1
- SHA512: be1817f80a514d1f7887a7a2b8f6e1364e3c14165effa26c3f12f95bdded410f81781246f36f2e0a7baa70682e513380b2fce5c4541bf9555594011013cf0649
- SSDEEP: 12288:89OSGK7KzVkqo3CoMndRBwcm4MpPrNbbx9Od/UR1VY:eGKW6nMn7BiPpDZbAMfVY
- Score: 8/10
Detections:
- Blocklisted process makes network request

Target: 1aa85c5026608d04abec7b7af789f3b5e28c59064733c0efdb942a543926558d.exe
- Size: 851KB
- MD5: 84a4e8581550b0634e38d3218813ac79
- SHA1: 1005f9154fb27c448ce8e39646b2da1fc010942e
- SHA256: 1aa85c5026608d04abec7b7af789f3b5e28c59064733c0efdb942a543926558d
- SHA512: 0c924c0763f9bec6c7de3f303263436c8c63ff40682966feb04ffa54eb282aabe5d52a8d5dbffd417666f0a7d77d25eb24956a853616dfed24c79c278e9dd5a9
- SSDEEP: 12288:y4xTxt9ivc50KsBNgK10IJkHKqZrDgSQlOnvgfEunph:3FivcRsBVBJyZX28n2
Detections:
- Lokibot family
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext

Target: 1b13d05cae0e4eac18dbaffe04a238238d6c2c2be285d825712cfbef91341326.exe
- Size: 1.7MB
- MD5: f18a8734fe5484be1f784dd47178d6c6
- SHA1: abf12814aa5c4fd746e3b5a9635667a2c5ac0604
- SHA256: 1b13d05cae0e4eac18dbaffe04a238238d6c2c2be285d825712cfbef91341326
- SHA512: f56646998a95a74bebd3174565ef01675f8c8ae9124f61598efbcfed60855e924accb4506da2f120bb9c9c59766fdc3de8f3dc79f5577ac0bd17ff9bf0d47f52
- SSDEEP: 49152:H6VUMI6hKcPoV8bZLL9uj5a/Nxg+i/qA3gv:H688lLcj5Yg7/qegv
- Score: 7/10
Detections:
- Loads dropped DLL
- Blocklisted process makes network request

Target: 1b9334e09c3df74ba3135169e49533c7a4d5a6c7ce090e31188e6f6a33403b52.exe
- Size: 226KB
- MD5: 19407c99f4b2baf3fcd8cc632ea60b97
- SHA1: b6574e349b99bd865c84e79a0ca596c5fdadcaf4
- SHA256: 1b9334e09c3df74ba3135169e49533c7a4d5a6c7ce090e31188e6f6a33403b52
- SHA512: 969235b95372f6df5980151c6fa75ad920cee8004a2a07df114c83aec2b1c83c9a7aa53903842dcd3cfed4cd683664643f1846089386c34733921a4e08edeba5
- SSDEEP: 3072:EOS07dizsmBglaL0X+qa6eGR5d/Lhvw35WptqsVMn2jCV+btxEnogr:NSlDL0XXabGh/dwCnVM2jCVGtxEog
Detections:
- Tofsee family
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext

Target: 1bcbf1dce6780dbfb1b1ad1d86f25d4b7a50063be5b4640f8939085980c4e00c.exe
- Size: 214KB
- MD5: da9914f2f681c7ef59293d3804c9133d
- SHA1: 49d23c8eac05f7c8af203f0b46f7d805fc4b1724
- SHA256: 1bcbf1dce6780dbfb1b1ad1d86f25d4b7a50063be5b4640f8939085980c4e00c
- SHA512: 3eaaf3ba1df0f3fef3141a3f2fb0e455620ffcf569dbe438d8a8a9fa2173c275897001f6ef52b18b138d5f88e9facc053f7e8a6751c655ee320842ee756f0615
- SSDEEP: 6144:qweEpobsxm+SEfyjP4P3yYZcfrFPWHFjp:bowkAwfrFPWH
- Score: 7/10
Detections:
- Executes dropped EXE

Target: 1bd3fa491c5de8cb9189ff8f86fd1a7e27a8140e3578f8fa9ebb23931550cc5b.exe
- Size: 447KB
- MD5: d93ae89b2dd80e754f282db2f968e537
- SHA1: 52d0f0a4cc753daae727e5d79ae575f37042e6c2
- SHA256: 1bd3fa491c5de8cb9189ff8f86fd1a7e27a8140e3578f8fa9ebb23931550cc5b
- SHA512: 021879e0ad17ceab7fa3cd29e483da9e7ff6155f4e1e1a493517549d8d25f004f234f6d2caf74944bd4718e6e24c79a5139d4018018350bc7434fafa3230c806
- SSDEEP: 6144:1HW9ZEjeXjYA2ospqAlwdVgDmETmGJE9i/pfp5thhhhYPDK2gIKb:mZ3XjYA2oXCRBuwpBrjYPDC
Detections:
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Agenttesla family
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
Execution
- Command and Scripting Interpreter (3)
  - JavaScript (1)
  - PowerShell (2)
- Scheduled Task/Job (1)
  - Scheduled Task (1)
- System Services (1)
  - Service Execution (1)
Persistence
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (2)
- Create or Modify System Process (2)
  - Windows Service (2)
- Event Triggered Execution (1)
  - Netsh Helper DLL (1)
- Scheduled Task/Job (1)
  - Scheduled Task (1)
Privilege Escalation
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (2)
- Create or Modify System Process (2)
  - Windows Service (2)
- Event Triggered Execution (1)
  - Netsh Helper DLL (1)
- Scheduled Task/Job (1)
  - Scheduled Task (1)
Defense Evasion
- Impair Defenses (1)
  - Disable or Modify System Firewall (1)
- Modify Registry (2)
Credential Access
- Credentials from Password Stores (1)
  - Credentials from Web Browsers (1)
- Unsecured Credentials (4)
  - Credentials In Files (4)