SecuriteInfo.com.BehavesLike.Win32.Generic.nm.26462

General
Target

SecuriteInfo.com.BehavesLike.Win32.Generic.nm.26462

Size

39KB

Sample

210122-pepyjdy6ea

Score
10 /10
MD5

093581879b31e72cb9f58572e92a326b

SHA1

79f62189cca9d966bf5fa783f54d6ad9032fe820

SHA256

7284ce088723465f101b804f22a27e235f6ae8148dd1120508e3fed43348ed54

SHA512

8440c62ca7cb060deea4c96c6957fd59d29c4617acae5b9c6e284caae2610d80ed107bfab765a3c5e010e3744cf6a8b150f633319f8731f142937b05a9a75d6a

Malware Config
Targets
Target

SecuriteInfo.com.BehavesLike.Win32.Generic.nm.26462

MD5

093581879b31e72cb9f58572e92a326b

Filesize

39KB

Score
10 /10
SHA1

79f62189cca9d966bf5fa783f54d6ad9032fe820

SHA256

7284ce088723465f101b804f22a27e235f6ae8148dd1120508e3fed43348ed54

SHA512

8440c62ca7cb060deea4c96c6957fd59d29c4617acae5b9c6e284caae2610d80ed107bfab765a3c5e010e3744cf6a8b150f633319f8731f142937b05a9a75d6a

Tags

Signatures

  • AgentTesla

    Description

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    Tags

  • Reads data files stored by FTP clients

    Description

    Tries to access configuration files associated with programs like FileZilla.

    Tags

    TTPs

    Data from Local System Credentials in Files
  • Reads user/profile data of local email clients

    Description

    Email clients store some user data on disk where infostealers will often target it.

    Tags

    TTPs

    Data from Local System Credentials in Files
  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    Tags

    TTPs

    Data from Local System Credentials in Files
  • Looks up external IP address via web service

    Description

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix
Command and Control
    Credential Access
    Defense Evasion
      Discovery
        Execution
          Exfiltration
            Impact
              Initial Access
                Lateral Movement
                  Persistence
                    Privilege Escalation
                      Tasks