b9a31ec9cf6084d9ea4543ae5454f6c0.exe

General
Target

b9a31ec9cf6084d9ea4543ae5454f6c0.exe

Size

35KB

Sample

210408-cjzbxpe86s

Score

10/10
MD5

b9a31ec9cf6084d9ea4543ae5454f6c0

SHA1

1b8fe311794d5ee7c85930d57e8ee521653342e0

SHA256

9bdd28e639ad1bd0bd8cab6e287279db86d951b1a488786c3435f7a5f39ac383

SHA512

91e0e5ee915b8217a84a85c860f0be6f145cac6188b0de7874d698952b7a1f7fb16cde22cb59a1a2fef5af131f81408ae28161c7ed900f1d75885f9bdb1c138f

Malware Config

Extracted

Family

agenttesla
Credentials

Protocol: smtp

Host: binatonezx.cf

Port: 587

Username: arinzelogs@binatonezx.cf

Password: 7213575aceACE@#$
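The extracted configuration above is the most actionable part of this report: the sample exfiltrates stolen credentials over SMTP submission (port 587) to a fixed mailbox. The following is an added example, not part of the sandbox report, showing how a responder can turn these indicators into checks: verify a suspect file against the four digests listed on this page, and scan connection/DNS/SMTP log lines for the exfiltration host, for submissions to the address it resolves to, and for the mailbox username in plain or base64 (AUTH LOGIN) form. The hashes, host, port and username are copied from the report; the log format and the log lines themselves are constructed for the example.

```python
"""IOC checks built from the AgentTesla config extracted on this page.

Added example, not part of the sandbox report. Indicator values come
from the report above; the log layout and log lines are constructed.
"""
import base64
import hashlib
import re

# Digests of the analysed sample, copied from the report.
SAMPLE_HASHES = {
    "md5": "b9a31ec9cf6084d9ea4543ae5454f6c0",
    "sha1": "1b8fe311794d5ee7c85930d57e8ee521653342e0",
    "sha256": "9bdd28e639ad1bd0bd8cab6e287279db86d951b1a488786c3435f7a5f39ac383",
    "sha512": (
        "91e0e5ee915b8217a84a85c860f0be6f145cac6188b0de7874d698952b7a1f7f"
        "b16cde22cb59a1a2fef5af131f81408ae28161c7ed900f1d75885f9bdb1c138f"
    ),
}

# SMTP exfiltration settings, copied from the extracted config.
EXFIL_HOST = "binatonezx.cf"
EXFIL_PORT = 587
EXFIL_USER = "arinzelogs@binatonezx.cf"

# SMTP AUTH LOGIN sends the username base64-encoded on its own line, so if
# the sample submits without STARTTLS this token appears in clear text.
EXFIL_USER_B64 = base64.b64encode(EXFIL_USER.encode()).decode()


def file_hashes(data: bytes) -> dict:
    """Compute the same four digests the report lists, for a file's bytes."""
    return {
        name: hashlib.new(name, data).hexdigest()
        for name in ("md5", "sha1", "sha256", "sha512")
    }


def matches_sample(data: bytes) -> bool:
    """True only if all four digests of `data` equal the report's values."""
    return file_hashes(data) == SAMPLE_HASHES


# Constructed, simplified log layout (assumption, not a real tool's format):
#   "<ts> dns query=<name> answer=<ip>"
#   "<ts> conn src=<ip>:<port> dst=<ip>:<port> proto=tcp"
#   "<ts> smtp <client line>"
DNS_RE = re.compile(r"dns query=(\S+) answer=(\S+)")
CONN_RE = re.compile(r"conn src=\S+ dst=([\d.]+):(\d+)")

CONSTRUCTED_LOGS = [
    "2021-04-08T10:01:02Z dns query=binatonezx.cf answer=198.51.100.7",
    "2021-04-08T10:01:03Z conn src=10.0.0.15:49812 dst=198.51.100.7:587 proto=tcp",
    "2021-04-08T10:01:03Z smtp AUTH LOGIN",
    "2021-04-08T10:01:04Z smtp YXJpbnplbG9nc0BiaW5hdG9uZXp4LmNm",
    "2021-04-08T10:02:00Z conn src=10.0.0.22:50100 dst=192.0.2.10:443 proto=tcp",
    "2021-04-08T10:02:30Z dns query=example.org answer=203.0.113.5",
]


def scan_logs(lines) -> list:
    """Return (line_index, reason) for every line matching an indicator.

    Port 587 alone is too noisy to alert on, so connections are only
    flagged when the destination IP was resolved from the exfil host
    earlier in the same log.
    """
    hits = []
    resolved = set()
    for i, line in enumerate(lines):
        m = DNS_RE.search(line)
        if m and m.group(1).lower().rstrip(".") == EXFIL_HOST:
            resolved.add(m.group(2))
            hits.append((i, "dns lookup of exfil host"))
            continue
        m = CONN_RE.search(line)
        if m and m.group(1) in resolved and int(m.group(2)) == EXFIL_PORT:
            hits.append((i, "smtp submission to resolved exfil host"))
            continue
        if EXFIL_USER in line or EXFIL_USER_B64 in line:
            hits.append((i, "exfil mailbox username (plain or base64)"))
    return hits


if __name__ == "__main__":
    for idx, reason in scan_logs(CONSTRUCTED_LOGS):
        print(f"line {idx}: {reason}: {CONSTRUCTED_LOGS[idx]}")
```

To check a file from disk, pass `open(path, "rb").read()` to `matches_sample`; comparing all four digests rather than MD5 alone avoids relying on a collision-prone hash. The base64 username check only fires on unencrypted SMTP; when the sample negotiates STARTTLS, the DNS and connection correlation is what remains visible on the wire, which is why the scanner ties the port-587 connection to the resolved address instead of alerting on the port by itself.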

Targets
Target

b9a31ec9cf6084d9ea4543ae5454f6c0.exe

Signatures

  • AgentTesla

    Description

    Agent Tesla is a remote access tool (RAT) and information stealer written in .NET (Visual Basic).

  • UAC bypass

    TTPs

    Bypass User Account Control, Disabling Security Tools, Modify Registry
  • Windows security bypass

    TTPs

    Disabling Security Tools, Modify Registry
  • AgentTesla Payload

  • Drops file in Drivers directory

  • Reads data files stored by FTP clients

    Description

    Tries to access configuration files associated with programs like FileZilla.

    TTPs

    Data from Local System, Credentials in Files
  • Reads user/profile data of local email clients

    Description

    Email clients store some user data on disk where infostealers will often target it.

    TTPs

    Data from Local System, Credentials in Files
  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    TTPs

    Data from Local System, Credentials in Files
  • Windows security modification

    TTPs

    Disabling Security Tools, Modify Registry
  • Checks whether UAC is enabled

    TTPs

    System Information Discovery
  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tactics covered: Command and Control, Credential Access, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation