18000.00.exe

General
Target

18000.00.exe

Size

1010KB

Sample

210122-2kbydj5aax

Score

10/10
MD5

ed2b6aa207a4ff0634d149aab2bf7d83

SHA1

df51f95a4113b90a0cd5f949e880de892c1f1402

SHA256

785b29fe86f009b0509eb626c3914b01c321f3e0d369177acc71de2f0256cad5

SHA512

807bd80e4deebf9bd56e7916f608411a2d1420ad368fd162a47f0be342fb9586308188d7a687734ab9ffc8268035349724e3de36b366b1247de20cbfcc5e7420

Signatures

  • Drops file in Drivers directory

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    TTPs

    Data from Local System; Credentials in Files

  • Adds Run key to start application

    TTPs

    Registry Run Keys / Startup Folder; Modify Registry

  • Enumerates physical storage devices

    Description

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

    TTPs

    System Information Discovery

  • Suspicious use of SetThreadContext

  • AgentTesla

    Description

    Agent Tesla is a remote access tool (RAT) written in Visual Basic.

  • Reads data files stored by FTP clients

    Description

    Tries to access configuration files associated with programs like FileZilla.

    TTPs

    Data from Local System; Credentials in Files

  • Reads user/profile data of local email clients

    Description

    Email clients store some user data on disk where infostealers will often target it.

    TTPs

    Data from Local System; Credentials in Files

MITRE ATT&CK Matrix

Tactics: Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation