General

  • Target: apr.20.Product.Sample.exe
  • Size: 914KB
  • Sample: 210420-4m9t6y8hje
  • MD5: 54be59d38b7cd8b17b2a61dc223b9ba4
  • SHA1: 9f53e465983fef1d75c125f02f561eb367ffc7c3
  • SHA256: 00e029505f08409c263a00c64d9afb68ce25af2c87ce9aff7b8533b965294215
  • SHA512: 77f8f867d4a19be4c9a4ecfa26ac9baa67621d7217017164bf11f61635bd0363bb450d71f70b050223c89419ce001c9f77d0aa183dfd9899861abf179d1236c7

Malware Config

Extracted

  • Family: agenttesla

Credentials

  • Protocol: ftp
  • Host: ftp://199.188.200.93/
  • Port: 21
  • Username: oralogvj
  • Password: BNHColCvgMdA


MITRE ATT&CK Matrix ATT&CK v6

  • Execution: Scheduled Task (T1053): 1
  • Persistence: Registry Run Keys / Startup Folder (T1060): 1; Scheduled Task (T1053): 1
  • Privilege Escalation: Scheduled Task (T1053): 1
  • Defense Evasion: Modify Registry (T1112): 1
  • Discovery: System Information Discovery (T1082): 1

Tasks