| Source | Rule | Description | Author | Strings |
| --- | --- | --- | --- | --- |
| 5.2.SWIFT_09903094858577_900039388883-TRF.exe.400000.0.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | |
| 5.2.SWIFT_09903094858577_900039388883-TRF.exe.400000.0.unpack | JoeSecurity_AgentTesla_2 | Yara detected AgentTesla | Joe Security | |
| 5.2.SWIFT_09903094858577_900039388883-TRF.exe.400000.0.unpack | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security | |
| 5.2.SWIFT_09903094858577_900039388883-TRF.exe.400000.0.unpack | MALWARE_Win_AgentTeslaV3 | AgentTeslaV3 infostealer payload | ditekSHen | 0x303b8:$s1: get_kbok<br>0x30cfb:$s2: get_CHoo<br>0x31949:$s3: set_passwordIsSet<br>0x301bc:$s4: get_enableLog<br>0x3481c:$s8: torbrowser<br>0x331f8:$s10: logins<br>0x32b70:$s11: credential<br>0x2f5e1:$g1: get_Clipboard<br>0x2f5ef:$g2: get_Keyboard<br>0x2f5fc:$g3: get_Password<br>0x30b9a:$g4: get_CtrlKeyDown<br>0x30baa:$g5: get_ShiftKeyDown<br>0x30bbb:$g6: get_AltKeyDown |
| 5.0.SWIFT_09903094858577_900039388883-TRF.exe.400000.8.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | |
| 5.0.SWIFT_09903094858577_900039388883-TRF.exe.400000.8.unpack | JoeSecurity_AgentTesla_2 | Yara detected AgentTesla | Joe Security | |
| 5.0.SWIFT_09903094858577_900039388883-TRF.exe.400000.8.unpack | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security | |
| 5.0.SWIFT_09903094858577_900039388883-TRF.exe.400000.8.unpack | MALWARE_Win_AgentTeslaV3 | AgentTeslaV3 infostealer payload | ditekSHen | 0x303b8:$s1: get_kbok<br>0x30cfb:$s2: get_CHoo<br>0x31949:$s3: set_passwordIsSet<br>0x301bc:$s4: get_enableLog<br>0x3481c:$s8: torbrowser<br>0x331f8:$s10: logins<br>0x32b70:$s11: credential<br>0x2f5e1:$g1: get_Clipboard<br>0x2f5ef:$g2: get_Keyboard<br>0x2f5fc:$g3: get_Password<br>0x30b9a:$g4: get_CtrlKeyDown<br>0x30baa:$g5: get_ShiftKeyDown<br>0x30bbb:$g6: get_AltKeyDown |
| 5.0.SWIFT_09903094858577_900039388883-TRF.exe.400000.10.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | |
| 5.0.SWIFT_09903094858577_900039388883-TRF.exe.400000.10.unpack | JoeSecurity_AgentTesla_2 | Yara detected AgentTesla | Joe Security | |
| 5.0.SWIFT_09903094858577_900039388883-TRF.exe.400000.10.unpack | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security | |
| 5.0.SWIFT_09903094858577_900039388883-TRF.exe.400000.10.unpack | MALWARE_Win_AgentTeslaV3 | AgentTeslaV3 infostealer payload | ditekSHen | 0x303b8:$s1: get_kbok<br>0x30cfb:$s2: get_CHoo<br>0x31949:$s3: set_passwordIsSet<br>0x301bc:$s4: get_enableLog<br>0x3481c:$s8: torbrowser<br>0x331f8:$s10: logins<br>0x32b70:$s11: credential<br>0x2f5e1:$g1: get_Clipboard<br>0x2f5ef:$g2: get_Keyboard<br>0x2f5fc:$g3: get_Password<br>0x30b9a:$g4: get_CtrlKeyDown<br>0x30baa:$g5: get_ShiftKeyDown<br>0x30bbb:$g6: get_AltKeyDown |
| 0.2.SWIFT_09903094858577_900039388883-TRF.exe.3a42990.7.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | |
| 0.2.SWIFT_09903094858577_900039388883-TRF.exe.3a42990.7.unpack | JoeSecurity_AgentTesla_2 | Yara detected AgentTesla | Joe Security | |
| 0.2.SWIFT_09903094858577_900039388883-TRF.exe.3a42990.7.unpack | MALWARE_Win_AgentTeslaV3 | AgentTeslaV3 infostealer payload | ditekSHen | 0x2e5b8:$s1: get_kbok<br>0x2eefb:$s2: get_CHoo<br>0x2fb49:$s3: set_passwordIsSet<br>0x2e3bc:$s4: get_enableLog<br>0x32a1c:$s8: torbrowser<br>0x313f8:$s10: logins<br>0x30d70:$s11: credential<br>0x2d7e1:$g1: get_Clipboard<br>0x2d7ef:$g2: get_Keyboard<br>0x2d7fc:$g3: get_Password<br>0x2ed9a:$g4: get_CtrlKeyDown<br>0x2edaa:$g5: get_ShiftKeyDown<br>0x2edbb:$g6: get_AltKeyDown |
| 0.2.SWIFT_09903094858577_900039388883-TRF.exe.3a77fb0.6.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | |
| 0.2.SWIFT_09903094858577_900039388883-TRF.exe.3a77fb0.6.unpack | JoeSecurity_AgentTesla_2 | Yara detected AgentTesla | Joe Security | |
| 0.2.SWIFT_09903094858577_900039388883-TRF.exe.3a77fb0.6.unpack | MALWARE_Win_AgentTeslaV3 | AgentTeslaV3 infostealer payload | ditekSHen | 0x2e5b8:$s1: get_kbok<br>0x2eefb:$s2: get_CHoo<br>0x2fb49:$s3: set_passwordIsSet<br>0x2e3bc:$s4: get_enableLog<br>0x32a1c:$s8: torbrowser<br>0x313f8:$s10: logins<br>0x30d70:$s11: credential<br>0x2d7e1:$g1: get_Clipboard<br>0x2d7ef:$g2: get_Keyboard<br>0x2d7fc:$g3: get_Password<br>0x2ed9a:$g4: get_CtrlKeyDown<br>0x2edaa:$g5: get_ShiftKeyDown<br>0x2edbb:$g6: get_AltKeyDown |
| 5.0.SWIFT_09903094858577_900039388883-TRF.exe.400000.4.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | |
| 5.0.SWIFT_09903094858577_900039388883-TRF.exe.400000.4.unpack | JoeSecurity_AgentTesla_2 | Yara detected AgentTesla | Joe Security | |
| 5.0.SWIFT_09903094858577_900039388883-TRF.exe.400000.4.unpack | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security | |
| 5.0.SWIFT_09903094858577_900039388883-TRF.exe.400000.4.unpack | MALWARE_Win_AgentTeslaV3 | AgentTeslaV3 infostealer payload | ditekSHen | 0x303b8:$s1: get_kbok<br>0x30cfb:$s2: get_CHoo<br>0x31949:$s3: set_passwordIsSet<br>0x301bc:$s4: get_enableLog<br>0x3481c:$s8: torbrowser<br>0x331f8:$s10: logins<br>0x32b70:$s11: credential<br>0x2f5e1:$g1: get_Clipboard<br>0x2f5ef:$g2: get_Keyboard<br>0x2f5fc:$g3: get_Password<br>0x30b9a:$g4: get_CtrlKeyDown<br>0x30baa:$g5: get_ShiftKeyDown<br>0x30bbb:$g6: get_AltKeyDown |
| 5.0.SWIFT_09903094858577_900039388883-TRF.exe.400000.6.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | |
| 5.0.SWIFT_09903094858577_900039388883-TRF.exe.400000.6.unpack | JoeSecurity_AgentTesla_2 | Yara detected AgentTesla | Joe Security | |
| 5.0.SWIFT_09903094858577_900039388883-TRF.exe.400000.6.unpack | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security | |
| 5.0.SWIFT_09903094858577_900039388883-TRF.exe.400000.6.unpack | MALWARE_Win_AgentTeslaV3 | AgentTeslaV3 infostealer payload | ditekSHen | 0x303b8:$s1: get_kbok<br>0x30cfb:$s2: get_CHoo<br>0x31949:$s3: set_passwordIsSet<br>0x301bc:$s4: get_enableLog<br>0x3481c:$s8: torbrowser<br>0x331f8:$s10: logins<br>0x32b70:$s11: credential<br>0x2f5e1:$g1: get_Clipboard<br>0x2f5ef:$g2: get_Keyboard<br>0x2f5fc:$g3: get_Password<br>0x30b9a:$g4: get_CtrlKeyDown<br>0x30baa:$g5: get_ShiftKeyDown<br>0x30bbb:$g6: get_AltKeyDown |
| 0.2.SWIFT_09903094858577_900039388883-TRF.exe.7170000.9.unpack | MALWARE_Win_zgRAT | Detects zgRAT | ditekSHen | 0x4fc7b:$s1: file:///<br>0x4fb8b:$s2: {11111-22222-10009-11112}<br>0x4fc0b:$s3: {11111-22222-50001-00000}<br>0x4d0a5:$s4: get_Module<br>0x4d4eb:$s5: Reverse<br>0x4f4ba:$s6: BlockCopy<br>0x4f2fe:$s7: ReadByte<br>0x4fc8d:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ... |
| 5.0.SWIFT_09903094858577_900039388883-TRF.exe.400000.12.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | |
| 5.0.SWIFT_09903094858577_900039388883-TRF.exe.400000.12.unpack | JoeSecurity_AgentTesla_2 | Yara detected AgentTesla | Joe Security | |
| 5.0.SWIFT_09903094858577_900039388883-TRF.exe.400000.12.unpack | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security | |
| 5.0.SWIFT_09903094858577_900039388883-TRF.exe.400000.12.unpack | MALWARE_Win_AgentTeslaV3 | AgentTeslaV3 infostealer payload | ditekSHen | 0x303b8:$s1: get_kbok<br>0x30cfb:$s2: get_CHoo<br>0x31949:$s3: set_passwordIsSet<br>0x301bc:$s4: get_enableLog<br>0x3481c:$s8: torbrowser<br>0x331f8:$s10: logins<br>0x32b70:$s11: credential<br>0x2f5e1:$g1: get_Clipboard<br>0x2f5ef:$g2: get_Keyboard<br>0x2f5fc:$g3: get_Password<br>0x30b9a:$g4: get_CtrlKeyDown<br>0x30baa:$g5: get_ShiftKeyDown<br>0x30bbb:$g6: get_AltKeyDown |
| 0.2.SWIFT_09903094858577_900039388883-TRF.exe.7170000.9.raw.unpack | MALWARE_Win_zgRAT | Detects zgRAT | ditekSHen | 0x51a7b:$s1: file:///<br>0x5198b:$s2: {11111-22222-10009-11112}<br>0x51a0b:$s3: {11111-22222-50001-00000}<br>0x4eea5:$s4: get_Module<br>0x4f2eb:$s5: Reverse<br>0x512ba:$s6: BlockCopy<br>0x510fe:$s7: ReadByte<br>0x51a8d:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ... |
| 0.2.SWIFT_09903094858577_900039388883-TRF.exe.3a42990.7.raw.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | |
| 0.2.SWIFT_09903094858577_900039388883-TRF.exe.3a42990.7.raw.unpack | JoeSecurity_AgentTesla_2 | Yara detected AgentTesla | Joe Security | |
| 0.2.SWIFT_09903094858577_900039388883-TRF.exe.3a42990.7.raw.unpack | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security | |
| 0.2.SWIFT_09903094858577_900039388883-TRF.exe.3a42990.7.raw.unpack | MALWARE_Win_AgentTeslaV3 | AgentTeslaV3 infostealer payload | ditekSHen | 0x303b8:$s1: get_kbok<br>0x659d8:$s1: get_kbok<br>0x273238:$s1: get_kbok<br>0x30cfb:$s2: get_CHoo<br>0x6631b:$s2: get_CHoo<br>0x273b7b:$s2: get_CHoo<br>0x31949:$s3: set_passwordIsSet<br>0x66f69:$s3: set_passwordIsSet<br>0x2747c9:$s3: set_passwordIsSet<br>0x301bc:$s4: get_enableLog<br>0x657dc:$s4: get_enableLog<br>0x27303c:$s4: get_enableLog<br>0x3481c:$s8: torbrowser<br>0x69e3c:$s8: torbrowser<br>0x27769c:$s8: torbrowser<br>0x331f8:$s10: logins<br>0x68818:$s10: logins<br>0x276078:$s10: logins<br>0x32b70:$s11: credential<br>0x68190:$s11: credential<br>0x2759f0:$s11: credential |
| 0.2.SWIFT_09903094858577_900039388883-TRF.exe.3a42990.7.raw.unpack | MALWARE_Win_zgRAT | Detects zgRAT | ditekSHen | 0x202adb:$s1: file:///<br>0x2029eb:$s2: {11111-22222-10009-11112}<br>0x202a6b:$s3: {11111-22222-50001-00000}<br>0x1fff05:$s4: get_Module<br>0x2fcb4:$s5: Reverse<br>0x652d4:$s5: Reverse<br>0x20034b:$s5: Reverse<br>0x272b34:$s5: Reverse<br>0x31f8d:$s6: BlockCopy<br>0x675ad:$s6: BlockCopy<br>0x20231a:$s6: BlockCopy<br>0x274e0d:$s6: BlockCopy<br>0x2ff26:$s7: ReadByte<br>0x65546:$s7: ReadByte<br>0x20215e:$s7: ReadByte<br>0x272da6:$s7: ReadByte<br>0x202aed:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ... |
| 0.2.SWIFT_09903094858577_900039388883-TRF.exe.3a77fb0.6.raw.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | |
| 0.2.SWIFT_09903094858577_900039388883-TRF.exe.3a77fb0.6.raw.unpack | JoeSecurity_AgentTesla_2 | Yara detected AgentTesla | Joe Security | |
| 0.2.SWIFT_09903094858577_900039388883-TRF.exe.3a77fb0.6.raw.unpack | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security | |
| 0.2.SWIFT_09903094858577_900039388883-TRF.exe.3a77fb0.6.raw.unpack | MALWARE_Win_AgentTeslaV3 | AgentTeslaV3 infostealer payload | ditekSHen | 0x303b8:$s1: get_kbok<br>0x23dc18:$s1: get_kbok<br>0x30cfb:$s2: get_CHoo<br>0x23e55b:$s2: get_CHoo<br>0x31949:$s3: set_passwordIsSet<br>0x23f1a9:$s3: set_passwordIsSet<br>0x301bc:$s4: get_enableLog<br>0x23da1c:$s4: get_enableLog<br>0x3481c:$s8: torbrowser<br>0x24207c:$s8: torbrowser<br>0x331f8:$s10: logins<br>0x240a58:$s10: logins<br>0x32b70:$s11: credential<br>0x2403d0:$s11: credential<br>0x2f5e1:$g1: get_Clipboard<br>0x23ce41:$g1: get_Clipboard<br>0x2f5ef:$g2: get_Keyboard<br>0x23ce4f:$g2: get_Keyboard<br>0x2f5fc:$g3: get_Password<br>0x23ce5c:$g3: get_Password<br>0x30b9a:$g4: get_CtrlKeyDown |
| 0.2.SWIFT_09903094858577_900039388883-TRF.exe.3a77fb0.6.raw.unpack | MALWARE_Win_zgRAT | Detects zgRAT | ditekSHen | 0x1cd4bb:$s1: file:///<br>0x1cd3cb:$s2: {11111-22222-10009-11112}<br>0x1cd44b:$s3: {11111-22222-50001-00000}<br>0x1ca8e5:$s4: get_Module<br>0x2fcb4:$s5: Reverse<br>0x1cad2b:$s5: Reverse<br>0x23d514:$s5: Reverse<br>0x31f8d:$s6: BlockCopy<br>0x1cccfa:$s6: BlockCopy<br>0x23f7ed:$s6: BlockCopy<br>0x2ff26:$s7: ReadByte<br>0x1ccb3e:$s7: ReadByte<br>0x23d786:$s7: ReadByte<br>0x1cd4cd:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ... |
| 0.2.SWIFT_09903094858577_900039388883-TRF.exe.3a0b570.5.raw.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | |
| 0.2.SWIFT_09903094858577_900039388883-TRF.exe.3a0b570.5.raw.unpack | JoeSecurity_AgentTesla_2 | Yara detected AgentTesla | Joe Security | |
| 0.2.SWIFT_09903094858577_900039388883-TRF.exe.3a0b570.5.raw.unpack | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security | |
| 0.2.SWIFT_09903094858577_900039388883-TRF.exe.3a0b570.5.raw.unpack | MALWARE_Win_AgentTeslaV3 | AgentTeslaV3 infostealer payload | ditekSHen | 0x677d8:$s1: get_kbok<br>0x9cdf8:$s1: get_kbok<br>0x2aa658:$s1: get_kbok<br>0x6811b:$s2: get_CHoo<br>0x9d73b:$s2: get_CHoo<br>0x2aaf9b:$s2: get_CHoo<br>0x68d69:$s3: set_passwordIsSet<br>0x9e389:$s3: set_passwordIsSet<br>0x2abbe9:$s3: set_passwordIsSet<br>0x675dc:$s4: get_enableLog<br>0x9cbfc:$s4: get_enableLog<br>0x2aa45c:$s4: get_enableLog<br>0x6bc3c:$s8: torbrowser<br>0xa125c:$s8: torbrowser<br>0x2aeabc:$s8: torbrowser<br>0x6a618:$s10: logins<br>0x9fc38:$s10: logins<br>0x2ad498:$s10: logins<br>0x69f90:$s11: credential<br>0x9f5b0:$s11: credential<br>0x2ace10:$s11: credential |
| 0.2.SWIFT_09903094858577_900039388883-TRF.exe.3a0b570.5.raw.unpack | MALWARE_Win_zgRAT | Detects zgRAT | ditekSHen | 0x239efb:$s1: file:///<br>0x239e0b:$s2: {11111-22222-10009-11112}<br>0x239e8b:$s3: {11111-22222-50001-00000}<br>0x237325:$s4: get_Module<br>0x670d4:$s5: Reverse<br>0x9c6f4:$s5: Reverse<br>0x23776b:$s5: Reverse<br>0x2a9f54:$s5: Reverse<br>0x693ad:$s6: BlockCopy<br>0x9e9cd:$s6: BlockCopy<br>0x23973a:$s6: BlockCopy<br>0x2ac22d:$s6: BlockCopy<br>0x67346:$s7: ReadByte<br>0x9c966:$s7: ReadByte<br>0x23957e:$s7: ReadByte<br>0x2aa1c6:$s7: ReadByte<br>0x239f0d:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ... |