Overview

overview

10

Static

static

3

SecuriteIn...43.exe

windows7-x64

10

SecuriteIn...43.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SecuriteInfo.com.Trojan.MSIL.Crypt.1234.1843.exe

  • Size

    823KB

  • Sample

    240428-jgyqwsbb8y

  • MD5

    351e34490e42fa013f5ecf82de7be7be

  • SHA1

    655f984d3aac7cff3958d7046c43004aecc2cacd

  • SHA256

    82d4b4cff135a6e13a6f58c5ff84fde26be30c8063a216183aaa0f035620755f

  • SHA512

    dca166a528e001919257353079b4bd263b7be4b9702181506d1ccafbfcf7b5cc7436261825d773c19ce7ee582f05fba5c7c9db1c492d4aa7cbd759dabd16b772

  • SSDEEP

    24576:0qf7a44E29ZQWjDwKB8fJxRfVviRiDOr0ZSNqL8pKCBI:bf7a4rwRkKBeJxRfVaRiyrsS4I7B

Score
10/10
agentteslakeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    mail.alfainterplast.com.ua
  • Port:
    587
  • Username:
    dotuquyen@alfainterplast.com.ua
  • Password:
    pay2024password$$
  • Email To:
    trinhhung@alfainterplast.com.ua

Targets

    • Target

      SecuriteInfo.com.Trojan.MSIL.Crypt.1234.1843.exe

    • Size

      823KB

    • MD5

      351e34490e42fa013f5ecf82de7be7be

    • SHA1

      655f984d3aac7cff3958d7046c43004aecc2cacd

    • SHA256

      82d4b4cff135a6e13a6f58c5ff84fde26be30c8063a216183aaa0f035620755f

    • SHA512

      dca166a528e001919257353079b4bd263b7be4b9702181506d1ccafbfcf7b5cc7436261825d773c19ce7ee582f05fba5c7c9db1c492d4aa7cbd759dabd16b772

    • SSDEEP

      24576:0qf7a44E29ZQWjDwKB8fJxRfVviRiDOr0ZSNqL8pKCBI:bf7a4rwRkKBeJxRfVaRiyrsS4I7B

    Score
    10/10
    agentteslakeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks