Overview

overview

10

Static

static

2e30619a9c...9d.exe

windows7-x64

10

2e30619a9c...9d.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2e30619a9c0e6d353a6364fa8c2eed03ee10eaeb37999f084ff6c117b7e1a39d

  • Size

    575KB

  • Sample

    221206-bkdk5adg38

  • MD5

    b3bc6df73cca8a89ec1f831d64d7e122

  • SHA1

    dcbf005ecd960e2893e5fd71eb9fd902bab32b94

  • SHA256

    b2b3bb01bea096fcd29787d36e9d0e580aa82228738ce3e19c8c3291f686c5d6

  • SHA512

    50d6499b6d695e2084f937aacdad51e89b278ea4ca5c4d7ebaa1bcf0b37c49507c8cbc2f51a942b8d4f7b6d0246a07ffb7bbf287fa880ba455467c6a1f008d16

  • SSDEEP

    12288:gm7KgvMyIhVv/nDuM/4ksrTf05PzrcntxzmTUH/F9yPJ7OdSB:ggzeVv/dwlX6zHTUF9yhPB

Score
10/10
agentteslacollectionkeyloggerspywarestealertrojan

Malware Config

Extracted

Credentials

  • Protocol:     ftp
  • Host:
    ftp.valvulasthermovalve.cl
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    LILKOOLL14!!

Extracted

Family

agenttesla

Credentials

  • Protocol:     ftp
  • Host:
    ftp://ftp.valvulasthermovalve.cl/
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    LILKOOLL14!!

Targets

    • Target

      2e30619a9c0e6d353a6364fa8c2eed03ee10eaeb37999f084ff6c117b7e1a39d

    • Size

      644KB

    • MD5

      61ecedf033858c2312ca797dc967cfd8

    • SHA1

      a0879ec473b6a8449865f016dd03a84e5f985281

    • SHA256

      2e30619a9c0e6d353a6364fa8c2eed03ee10eaeb37999f084ff6c117b7e1a39d

    • SHA512

      6a4068d09184f885fd42ae6187ae3fc2e4ec4ffb4c566862bc3920d24fab3af64fa781f4a48734c300b4a4810245b58eaa274a5ea2ba94cf207d510ad641664a

    • SSDEEP

      12288:7g1y5GMSe1yIhVFbnDuCB4karTf45PJrczthzmTUHLz9cjJJOdhwA:s1yEGVFbnWZXeJXTOz9cNDA

    Score
    10/10
    agentteslacollectionkeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3
T1081

Discovery

Lateral Movement

Collection

Data from Local System

3
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks