General

  • Target

    e8e78e9e5f6cef4d8d68f6aa53923c1d899bd7ad0f1094c2257e68c595a91bfe

  • Size

    239KB

  • Sample

    220521-nytwgsecg9

  • MD5

    2b01988b09db04abdbd45ef82f4eef6a

  • SHA1

    77b870496107edb916f78e83538a932047a044a9

  • SHA256

    e8e78e9e5f6cef4d8d68f6aa53923c1d899bd7ad0f1094c2257e68c595a91bfe

  • SHA512

    78f00c66ce3a51d7e13eb13f58e6960d5ac75488b44dd86be26325c721832777f9131246f9364bb1bc88c89272287e95d11a43ae898d058f55202a19e7f97f5e

Malware Config

Extracted

  • Family
    agenttesla

Credentials

  • Protocol: smtp
  • Host: mail.lallyautomobiles.net
  • Port: 587
  • Username: partsshimla@lallyautomobiles.net
  • Password: HondaNew@2015

Targets

    • Target

      chusmoni.exe

    • Size

      333KB

    • MD5

      43ab1e4d8499507ba762ed516b3c46f5

    • SHA1

      dbb84608528fff3bbe56592d9385c22019cdf663

    • SHA256

      c17b7612a5cd7b21ca202a966406d24d7d42047f13ba6254c5ea284d7d4fc764

    • SHA512

      28572516a323404a3e1f44d9b57487607e0fdb598358f156023a77818128355b159103664ed449e1bf6d3f75aca27a68e9117a2f8d802b578483312bc2e81bb0

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery
    1. Query Registry (T1012)
    2. System Information Discovery (T1082)

Tasks