Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6427b1234b3182b21cfe73e027a9943505033e0ca9c557504051581d77191158

  • Size

    1.1MB

  • Sample

    221126-bsztbsfb9z

  • MD5

    a471e88b1cb62af98534d61c26dd1973

  • SHA1

    e9265d4b74ee8b09f60e1ab391691a90d19988ff

  • SHA256

    6427b1234b3182b21cfe73e027a9943505033e0ca9c557504051581d77191158

  • SHA512

    0954f6dac7062861892394a8daebe248eb93e2e0e56cb2784287479ca80b113725f21a3fde25e791027f10fc580129dbaa84c7a9f6ff63cefb465d3ff1c49f6f

  • SSDEEP

    24576:LAOcZXMungWgkTJgO4KnmdMLFspB6Q7CqF+7f:NrkTmWnmdMLE8Q7m

Score
10/10
agentteslacollectionkeyloggerspywarestealertrojan

Malware Config

Targets

    • Target

      6427b1234b3182b21cfe73e027a9943505033e0ca9c557504051581d77191158

    • Size

      1.1MB

    • MD5

      a471e88b1cb62af98534d61c26dd1973

    • SHA1

      e9265d4b74ee8b09f60e1ab391691a90d19988ff

    • SHA256

      6427b1234b3182b21cfe73e027a9943505033e0ca9c557504051581d77191158

    • SHA512

      0954f6dac7062861892394a8daebe248eb93e2e0e56cb2784287479ca80b113725f21a3fde25e791027f10fc580129dbaa84c7a9f6ff63cefb465d3ff1c49f6f

    • SSDEEP

      24576:LAOcZXMungWgkTJgO4KnmdMLFspB6Q7CqF+7f:NrkTmWnmdMLE8Q7m

    Score
    10/10
    agentteslacollectionkeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks