agenttesla | 247c373d0699414d8393e4f78f413d82f063810c63c3ccfd63c4e201af32620b

Resubmissions

05-03-2024 03:19

240305-dvl2csdb5x 10

05-03-2024 01:58

240305-ceagysbc8w 10

Sharing

Copy URL

Twitter E-mail

General

Target

247c373d0699414d8393e4f78f413d82f063810c63c3ccfd63c4e201af32620b
Size

1.8MB
MD5

a953eec2e51c5ce261319462f72aa4f8
SHA1

e5753629ca581cc058366b2cc5c9979d61a7c7e5
SHA256

247c373d0699414d8393e4f78f413d82f063810c63c3ccfd63c4e201af32620b
SHA512

db8f4c3e7588a2962badac5e76c218c05edf396eaebde2f09fb512f9c40498e1ea6a1da771675e7ade42aef915a2f763c510944b1cb1e7eac27093bb3d44ef8d
SSDEEP

12288:xg3Go9JeD3D4kSCWfee0XGn6GZKJvIj16oE93CMqL00Ls2A7bmM5yR9rPaDLkuAU:Rh19yhRUzAMC3aEWumV9sMT

Score

10^/10

rat miner agenttesla darktrack modiloader netwire quasar shurk snakekeylogger stormkitty zeppelin cobaltstrike xmrig darkcomet gcleaner remcos

Malware Config

Signatures

AgentTesla payload 1 IoCs

Processes:

resource yara_rule

sample family_agenttesla
Agenttesla family
agenttesla
Cobalt Strike reflective loader 1 IoCs
Detects the reflective loader used by Cobalt Strike.

Processes:

resource yara_rule

sample cobalt_reflective_dll
Cobaltstrike family
cobaltstrike
Contains code to disable Windows Defender 1 IoCs
A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

Processes:

resource yara_rule

sample disable_win_def
DarkTrack payload 1 IoCs

Processes:

resource yara_rule

sample family_darktrack
Darkcomet family
darkcomet
Darktrack family
darktrack
Detects Zeppelin payload 1 IoCs

Processes:

resource yara_rule

sample family_zeppelin
Gcleaner family
gcleaner
ModiLoader Second Stage 1 IoCs

Processes:

resource yara_rule

sample modiloader_stage2
Modiloader family
modiloader
NetWire RAT payload 1 IoCs
rat

Processes:

resource yara_rule

sample netwire
Netwire family
netwire
Quasar family
quasar
Quasar payload 1 IoCs

Processes:

resource yara_rule

sample family_quasar
Remcos family
remcos
Shurk Stealer payload 1 IoCs

Processes:

resource yara_rule

sample shurk_stealer
Shurk family
shurk
Snake Keylogger payload 1 IoCs

Processes:

resource yara_rule

sample family_snakekeylogger
Snakekeylogger family
snakekeylogger
StormKitty payload 1 IoCs

Processes:

resource yara_rule

sample family_stormkitty
Stormkitty family
stormkitty
XMRig Miner payload 1 IoCs
miner

Processes:

resource yara_rule

sample family_xmrig
Xmrig family
xmrig
Zeppelin family
zeppelin
AutoIT Executable 1 IoCs
AutoIT scripts compiled to PE executables.

Processes:

resource yara_rule

sample autoit_exe

resource	yara_rule
sample	family_agenttesla

resource	yara_rule
sample	cobalt_reflective_dll

resource	yara_rule
sample	disable_win_def

resource	yara_rule
sample	family_darktrack

resource	yara_rule
sample	family_zeppelin

resource	yara_rule
sample	modiloader_stage2

resource	yara_rule
sample	netwire

resource	yara_rule
sample	family_quasar

resource	yara_rule
sample	shurk_stealer

resource	yara_rule
sample	family_snakekeylogger

resource	yara_rule
sample	family_stormkitty

resource	yara_rule
sample	family_xmrig

resource	yara_rule
sample	autoit_exe

Files

247c373d0699414d8393e4f78f413d82f063810c63c3ccfd63c4e201af32620b