General
Target: ago.exe
Size: 216KB
Sample: 201122-lvrj2dbz56
MD5: 8a22b57fee81a6691ba74ce13ea58f95
SHA1: e53b9783088fda62bcd087478eee6658097858c0
SHA256: c0854444ad8bd79257dd667fb86b4e395921c709bc00a1e43691219339a546d1
SHA512: 47de85991716702e121d5f6fb617bf16e542b9e7b08ce3604e1592edd8e5554abfed359636a03fcd59284edf694b8f658fd915ab733816da823c6907317fbf48
Static task: static1
Behavioral task: behavioral1
Sample: ago.exe
Resource: win10v20201028
Malware Config
Targets
Target: ago.exe
Score: 7/10
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.

Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.

Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.