Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

• • Target

    000IDMFLAXS7KD29-C324-F4.jpeg

  • Size

    251KB

  • MD5

    c59a4f4ce4d02a9468e6372bb51ac996

  • SHA1

    48a77f68818b52753a98b588576b83f3ffc03335

  • SHA256

    3f3aa60c75f596017405c60649f8c05a0fc6490110b655b2cb8a75d5c0b47d87

  • SHA512

    2b17a47b98afc1a8a402969a6dcc9b917c8b7c1f88a4c112e5f9d10d1ee8bc447eca91d17d126d941eb3ed9d7b0dd77f87e7f9459c7bde6c609be6c15ceaa41b

  • SSDEEP

    6144:wfFJWoNXVtE7IIF7dX9ftFr8sJDWn1EfDyYZ7H3Yj/9ML:gJWo1E7hc2uYdYj9ML

  Score

  10^/10

  agentteslaasyncratateraagentazorultgh0stratquasarredlinesnakekeyloggervipkeyloggeres codestandofftestcredential_accessdiscoveryexecutioninfostealerkeyloggerpersistenceratspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Agenttesla family

    agenttesla

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat

  • Asyncrat family

    asyncrat

  • AteraAgent

    AteraAgent is a remote monitoring and management tool.

    ratateraagent

  • Ateraagent family

    ateraagent

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    trojaninfostealerazorult

  • Azorult family

    azorult

  • Detects AteraAgent

  • Gh0st RAT payload

  • Gh0strat

    Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    ratgh0strat

  • Gh0strat family

    gh0strat

  • Quasar RAT

    Quasar is an open source Remote Access Tool.

    trojanspywarequasar

  • Quasar family

    quasar

  • Quasar payload

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Redline family

    redline

  • Snake Keylogger

    Keylogger and Infostealer first seen in November 2020.

    stealerkeyloggersnakekeylogger

  • Snake Keylogger payload

  • Snakekeylogger family

    snakekeylogger

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • VIPKeylogger

    VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

    stealerkeyloggervipkeylogger

  • Vipkeylogger family

    vipkeylogger

  • Command and Scripting Interpreter: PowerShell

    Using powershell.exe command.

    execution

  • Server Software Component: Terminal Services DLL

    persistence

  • Uses browser remote debugging

    Can be used control the browser and steal sensitive information such as credentials and session cookies.

    credential_accessstealer

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Blocklisted process makes network request

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Drops file in System32 directory

  • Enumerates processes with tasklist

    discovery

  • Suspicious use of SetThreadContext

  behavioral1