Overview

overview

10

Static

static

5

??????????...df.exe

windows7_x64

10

??????????...df.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8a9730571569678290789c40e0b578d09be5d2d5550f101d85c14c16ba770748

  • Size

    1.0MB

  • Sample

    220521-m76qzagchj

  • MD5

    5ff4a422bda50b61b8667bb1ff337e82

  • SHA1

    c769502af540ea51c3387ea365365a02e800e683

  • SHA256

    8a9730571569678290789c40e0b578d09be5d2d5550f101d85c14c16ba770748

  • SHA512

    cf70598663311ab51b71c28370f8f8028ef5d1644b3c3d7abbe128fce8c3a0242ae5078ec9aa3433933038afec89107964dcd5e03cac47d506af8c1b5491a4c7

Score
10/10
agentteslacollectionkeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     ftp
  • Host:
    ftp://ftp.kassohome.com.tr/
  • Port:
    21
  • Username:
    bringlogs@kassohome.com.tr
  • Password:
    J%jCb2L=!5~E

  • Protocol:     ftp
  • Host:
    ftp://ftp.kassohome.com.tr/
  • Port:
    21
  • Username:
    bringlogs@kassohome.com.tr
  • Password:
    J%jCb2L=!5~E

Targets

    • Target

      ????????????? FedEx-pdf.exe

    • Size

      1.4MB

    • MD5

      cd5f67b3a7d561a47a7896e9b8bc3a6a

    • SHA1

      223b276114143e3704e95964e91d02a8af277753

    • SHA256

      6fb3eca3bc35ceba9ce806f93a2855cec717897923851643f40e62dcecc2f14f

    • SHA512

      ee9ca4ed880b58d1d60b169342d98d49d4595a2b757dedfbce78841325524e9c17e9e69c4c029dc3c3050528a9eb93a0d6cb6d2c82fefc7f6d2afa99cbc83a9a

    Score
    10/10
    agentteslacollectionkeyloggerspywarestealertrojan
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks