c0854444ad8bd79257dd667fb86b4e395921c709bc00a1e43691219339a546d1 | Triage

Submit
Reports

Overview

overview

7

Static

static

Default

windows10_x64

7

Sharing

General

Target

ago.exe
Size

216KB
Sample

201122-lvrj2dbz56
MD5

8a22b57fee81a6691ba74ce13ea58f95
SHA1

e53b9783088fda62bcd087478eee6658097858c0
SHA256

c0854444ad8bd79257dd667fb86b4e395921c709bc00a1e43691219339a546d1
SHA512

47de85991716702e121d5f6fb617bf16e542b9e7b08ce3604e1592edd8e5554abfed359636a03fcd59284edf694b8f658fd915ab733816da823c6907317fbf48

Score

7^/10

spyware

Static task

static1

Behavioral task

behavioral1

Sample

ago.exe

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  ago.exe
- Size
  
  216KB
- MD5
  
  8a22b57fee81a6691ba74ce13ea58f95
- SHA1
  
  e53b9783088fda62bcd087478eee6658097858c0
- SHA256
  
  c0854444ad8bd79257dd667fb86b4e395921c709bc00a1e43691219339a546d1
- SHA512
  
  47de85991716702e121d5f6fb617bf16e542b9e7b08ce3604e1592edd8e5554abfed359636a03fcd59284edf694b8f658fd915ab733816da823c6907317fbf48
Score

7^/10

spyware
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

© 2018-2024

Terms | Privacy