Description
Infostealers often target stored browser data, which can include saved credentials etc.
18000.00.exe
General
Target
Size
Sample
18000.00.exe
1010KB
210122-2kbydj5aax
Score
10 /10
MD5
SHA1
SHA256
SHA512
ed2b6aa207a4ff0634d149aab2bf7d83
df51f95a4113b90a0cd5f949e880de892c1f1402
785b29fe86f009b0509eb626c3914b01c321f3e0d369177acc71de2f0256cad5
807bd80e4deebf9bd56e7916f608411a2d1420ad368fd162a47f0be342fb9586308188d7a687734ab9ffc8268035349724e3de36b366b1247de20cbfcc5e7420
Malware Config
Targets
Target
MD5
Filesize
18000.00.exe
ed2b6aa207a4ff0634d149aab2bf7d83
1010KB
Score
10 /10
SHA1
SHA256
SHA512
df51f95a4113b90a0cd5f949e880de892c1f1402
785b29fe86f009b0509eb626c3914b01c321f3e0d369177acc71de2f0256cad5
807bd80e4deebf9bd56e7916f608411a2d1420ad368fd162a47f0be342fb9586308188d7a687734ab9ffc8268035349724e3de36b366b1247de20cbfcc5e7420
Tags
Signatures
-
Drops file in Drivers directory
-
Reads user/profile data of web browsers
-
Adds Run key to start application
Tags
TTPs
-
Enumerates physical storage devices
Description
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Tags
TTPs
-
Suspicious use of SetThreadContext
-
AgentTesla
Description
Agent Tesla is a remote access tool (RAT) written in visual basic.
Tags
-
Reads data files stored by FTP clients
Description
Tries to access configuration files associated with programs like FileZilla.
Tags
TTPs
-
Reads user/profile data of local email clients
Description
Email clients store some user data on disk where infostealers will often target it.
Tags
TTPs
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks