Source | Rule | Description | Author | Strings |
0.2.sexemulator.exe.4636468.2.raw.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
0.2.sexemulator.exe.4636468.2.raw.unpack | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security | |
0.2.sexemulator.exe.4636468.2.raw.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | |
0.2.sexemulator.exe.4636468.2.raw.unpack | AgentTesla_1 | AgentTesla Payload | kevoreilly | - 0x109a0:$string1: smtp
- 0x120e0:$string1: smtp
- 0xff92:$string2: appdata
- 0x1006a:$string3: 76487-337-8429955-22614
- 0xffb6:$string4: yyyy-MM-dd HH:mm:ss
- 0xff74:$string6: webpanel
- 0x10b49:$string7: <br>UserName :
- 0x110fd:$string8: <br>IP Address :
|
0.2.sexemulator.exe.4636468.2.raw.unpack | INDICATOR_SUSPICIOUS_GENInfoStealer | Detects executables containing common artifacts observed in infostealers | ditekSHen | - 0x14b45:$f1: FileZilla\recentservers.xml
- 0x14c51:$f3: SOFTWARE\\Martin Prikryl\\WinSCP 2\\Sessions
- 0x14009:$b1: Chrome\User Data\
- 0x32a8:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2
- 0x3584:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2
- 0x14081:$b4: Opera Software\Opera Stable\Login Data
- 0x140e9:$b5: YandexBrowser\User Data\
- 0x6d54:$s4: logins.json
- 0x1415d:$s4: logins.json
- 0x156e3:$s5: Account.CFN
- 0x15e1b:$s6: wand.dat
- 0x13fbd:$a1: username_value
- 0x13fdb:$a2: password_value
- 0x6da8:$a3: encryptedUsername
- 0x141b1:$a3: encryptedUsername
- 0x1482b:$a3: encryptedUsername
- 0x6d84:$a4: encryptedPassword
- 0x1418d:$a4: encryptedPassword
- 0x1484f:$a4: encryptedPassword
|
0.2.sexemulator.exe.4636468.2.raw.unpack | MALWARE_Win_AgentTeslaV2 | AgentTesla Type 2 Keylogger payload | ditekSHen | - 0xddf8:$s1: get_kbHook
- 0xf12a:$s2: GetPrivateProfileString
- 0xd02f:$s3: get_OSFullName
- 0xe0ad:$s4: get_PasswordHash
- 0xd817:$s6: FtpWebRequest
- 0x6d54:$s7: logins
- 0x14073:$s7: logins
- 0x1415d:$s7: logins
- 0x1460b:$s7: logins
- 0x1480b:$s7: logins
- 0x17888:$s7: logins
- 0x1107f:$s8: keylog
|
0.2.sexemulator.exe.4636468.2.raw.unpack | MALWARE_Win_AgentTeslaV3 | AgentTeslaV3 infostealer payload | ditekSHen | - 0x6d54:$s10: logins
- 0x14073:$s10: logins
- 0x1415d:$s10: logins
- 0x1460b:$s10: logins
- 0x1480b:$s10: logins
- 0x17888:$s10: logins
- 0xddc9:$g1: get_Clipboard
- 0xdf73:$g2: get_Keyboard
- 0x26bc:$g3: get_Password
- 0x613a:$g3: get_Password
- 0xe0be:$g3: get_Password
- 0xdf98:$g4: get_CtrlKeyDown
- 0xdfba:$g5: get_ShiftKeyDown
- 0xdf89:$g6: get_AltKeyDown
|
0.2.sexemulator.exe.46215b0.1.raw.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
0.2.sexemulator.exe.46215b0.1.raw.unpack | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security | |
0.2.sexemulator.exe.46215b0.1.raw.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | |
0.2.sexemulator.exe.46215b0.1.raw.unpack | AgentTesla_1 | AgentTesla Payload | kevoreilly | - 0x25858:$string1: smtp
- 0x26f98:$string1: smtp
- 0x24e4a:$string2: appdata
- 0x24f22:$string3: 76487-337-8429955-22614
- 0x24e6e:$string4: yyyy-MM-dd HH:mm:ss
- 0x24e2c:$string6: webpanel
- 0x25a01:$string7: <br>UserName :
- 0x25fb5:$string8: <br>IP Address :
|
0.2.sexemulator.exe.46215b0.1.raw.unpack | INDICATOR_SUSPICIOUS_GENInfoStealer | Detects executables containing common artifacts observed in infostealers | ditekSHen | - 0x299fd:$f1: FileZilla\recentservers.xml
- 0x29b09:$f3: SOFTWARE\\Martin Prikryl\\WinSCP 2\\Sessions
- 0x28ec1:$b1: Chrome\User Data\
- 0x18160:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2
- 0x1843c:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2
- 0x28f39:$b4: Opera Software\Opera Stable\Login Data
- 0x28fa1:$b5: YandexBrowser\User Data\
- 0x1bc0c:$s4: logins.json
- 0x29015:$s4: logins.json
- 0x2a59b:$s5: Account.CFN
- 0x2acd3:$s6: wand.dat
- 0x28e75:$a1: username_value
- 0x28e93:$a2: password_value
- 0x1bc60:$a3: encryptedUsername
- 0x29069:$a3: encryptedUsername
- 0x296e3:$a3: encryptedUsername
- 0x1bc3c:$a4: encryptedPassword
- 0x29045:$a4: encryptedPassword
- 0x29707:$a4: encryptedPassword
|
0.2.sexemulator.exe.46215b0.1.raw.unpack | MALWARE_Win_AgentTeslaV2 | AgentTesla Type 2 Keylogger payload | ditekSHen | - 0x22cb0:$s1: get_kbHook
- 0x23fe2:$s2: GetPrivateProfileString
- 0x21ee7:$s3: get_OSFullName
- 0x22f65:$s4: get_PasswordHash
- 0x226cf:$s6: FtpWebRequest
- 0x1bc0c:$s7: logins
- 0x28f2b:$s7: logins
- 0x29015:$s7: logins
- 0x294c3:$s7: logins
- 0x296c3:$s7: logins
- 0x2c740:$s7: logins
- 0x25f37:$s8: keylog
|
0.2.sexemulator.exe.46215b0.1.raw.unpack | MALWARE_Win_AgentTeslaV3 | AgentTeslaV3 infostealer payload | ditekSHen | - 0x1bc0c:$s10: logins
- 0x28f2b:$s10: logins
- 0x29015:$s10: logins
- 0x294c3:$s10: logins
- 0x296c3:$s10: logins
- 0x2c740:$s10: logins
- 0x22c81:$g1: get_Clipboard
- 0x22e2b:$g2: get_Keyboard
- 0x17574:$g3: get_Password
- 0x1aff2:$g3: get_Password
- 0x22f76:$g3: get_Password
- 0x22e50:$g4: get_CtrlKeyDown
- 0x22e72:$g5: get_ShiftKeyDown
- 0x22e41:$g6: get_AltKeyDown
|
0.2.sexemulator.exe.463a740.0.raw.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
0.2.sexemulator.exe.463a740.0.raw.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | |
0.2.sexemulator.exe.463a740.0.raw.unpack | AgentTesla_1 | AgentTesla Payload | kevoreilly | - 0xc6c8:$string1: smtp
- 0xde08:$string1: smtp
- 0xbcba:$string2: appdata
- 0xbd92:$string3: 76487-337-8429955-22614
- 0xbcde:$string4: yyyy-MM-dd HH:mm:ss
- 0xbc9c:$string6: webpanel
- 0xc871:$string7: <br>UserName :
- 0xce25:$string8: <br>IP Address :
|
0.2.sexemulator.exe.463a740.0.raw.unpack | INDICATOR_SUSPICIOUS_GENInfoStealer | Detects executables containing common artifacts observed in infostealers | ditekSHen | - 0x1086d:$f1: FileZilla\recentservers.xml
- 0x10979:$f3: SOFTWARE\\Martin Prikryl\\WinSCP 2\\Sessions
- 0xfd31:$b1: Chrome\User Data\
- 0xfda9:$b4: Opera Software\Opera Stable\Login Data
- 0xfe11:$b5: YandexBrowser\User Data\
- 0x2a7c:$s4: logins.json
- 0xfe85:$s4: logins.json
- 0x1140b:$s5: Account.CFN
- 0x11b43:$s6: wand.dat
- 0xfce5:$a1: username_value
- 0xfd03:$a2: password_value
- 0x2ad0:$a3: encryptedUsername
- 0xfed9:$a3: encryptedUsername
- 0x10553:$a3: encryptedUsername
- 0x2aac:$a4: encryptedPassword
- 0xfeb5:$a4: encryptedPassword
- 0x10577:$a4: encryptedPassword
|
0.2.sexemulator.exe.463a740.0.raw.unpack | MALWARE_Win_AgentTeslaV2 | AgentTesla Type 2 Keylogger payload | ditekSHen | - 0x9b20:$s1: get_kbHook
- 0xae52:$s2: GetPrivateProfileString
- 0x8d57:$s3: get_OSFullName
- 0x9dd5:$s4: get_PasswordHash
- 0x953f:$s6: FtpWebRequest
- 0x2a7c:$s7: logins
- 0xfd9b:$s7: logins
- 0xfe85:$s7: logins
- 0x10333:$s7: logins
- 0x10533:$s7: logins
- 0x135b0:$s7: logins
- 0xcda7:$s8: keylog
|
0.2.sexemulator.exe.463a740.0.raw.unpack | MALWARE_Win_AgentTeslaV3 | AgentTeslaV3 infostealer payload | ditekSHen | - 0x2a7c:$s10: logins
- 0xfd9b:$s10: logins
- 0xfe85:$s10: logins
- 0x10333:$s10: logins
- 0x10533:$s10: logins
- 0x135b0:$s10: logins
- 0x9af1:$g1: get_Clipboard
- 0x9c9b:$g2: get_Keyboard
- 0x1e62:$g3: get_Password
- 0x9de6:$g3: get_Password
- 0x9cc0:$g4: get_CtrlKeyDown
- 0x9ce2:$g5: get_ShiftKeyDown
- 0x9cb1:$g6: get_AltKeyDown
|
0.2.sexemulator.exe.46215b0.1.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
0.2.sexemulator.exe.46215b0.1.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | |
0.2.sexemulator.exe.46215b0.1.unpack | AgentTesla_1 | AgentTesla Payload | kevoreilly | - 0x23a58:$string1: smtp
- 0x25198:$string1: smtp
- 0x2304a:$string2: appdata
- 0x23122:$string3: 76487-337-8429955-22614
- 0x2306e:$string4: yyyy-MM-dd HH:mm:ss
- 0x2302c:$string6: webpanel
- 0x23c01:$string7: <br>UserName :
- 0x241b5:$string8: <br>IP Address :
|
0.2.sexemulator.exe.46215b0.1.unpack | INDICATOR_SUSPICIOUS_GENInfoStealer | Detects executables containing common artifacts observed in infostealers | ditekSHen | - 0x27bfd:$f1: FileZilla\recentservers.xml
- 0x27d09:$f3: SOFTWARE\\Martin Prikryl\\WinSCP 2\\Sessions
- 0x270c1:$b1: Chrome\User Data\
- 0x16360:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2
- 0x1663c:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2
- 0x27139:$b4: Opera Software\Opera Stable\Login Data
- 0x271a1:$b5: YandexBrowser\User Data\
- 0x19e0c:$s4: logins.json
- 0x27215:$s4: logins.json
- 0x2879b:$s5: Account.CFN
- 0x28ed3:$s6: wand.dat
- 0x27075:$a1: username_value
- 0x27093:$a2: password_value
- 0x19e60:$a3: encryptedUsername
- 0x27269:$a3: encryptedUsername
- 0x278e3:$a3: encryptedUsername
- 0x19e3c:$a4: encryptedPassword
- 0x27245:$a4: encryptedPassword
- 0x27907:$a4: encryptedPassword
|
0.2.sexemulator.exe.46215b0.1.unpack | MALWARE_Win_AgentTeslaV2 | AgentTesla Type 2 Keylogger payload | ditekSHen | - 0x20eb0:$s1: get_kbHook
- 0x221e2:$s2: GetPrivateProfileString
- 0x200e7:$s3: get_OSFullName
- 0x21165:$s4: get_PasswordHash
- 0x208cf:$s6: FtpWebRequest
- 0x19e0c:$s7: logins
- 0x2712b:$s7: logins
- 0x27215:$s7: logins
- 0x276c3:$s7: logins
- 0x278c3:$s7: logins
- 0x2a940:$s7: logins
- 0x24137:$s8: keylog
|
0.2.sexemulator.exe.46215b0.1.unpack | MALWARE_Win_AgentTeslaV3 | AgentTeslaV3 infostealer payload | ditekSHen | - 0x19e0c:$s10: logins
- 0x2712b:$s10: logins
- 0x27215:$s10: logins
- 0x276c3:$s10: logins
- 0x278c3:$s10: logins
- 0x2a940:$s10: logins
- 0x20e81:$g1: get_Clipboard
- 0x2102b:$g2: get_Keyboard
- 0x15774:$g3: get_Password
- 0x191f2:$g3: get_Password
- 0x21176:$g3: get_Password
- 0x21050:$g4: get_CtrlKeyDown
- 0x21072:$g5: get_ShiftKeyDown
- 0x21041:$g6: get_AltKeyDown
|