Overview

overview

10

Static

static

New Order.exe

windows7-x64

10

New Order.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    payment swift copy.zip

  • Size

    601KB

  • Sample

    221209-n9q9qsga4w

  • MD5

    2a38604bbd4d52a1be593657c0cdb4cd

  • SHA1

    2d81567dc977554ebca82952d74a105fea5c5449

  • SHA256

    d9acb802b8df81db159e5bf1516fedd25ba47e5e23aed5602c25624eb097de4f

  • SHA512

    15af058872f214f3ea58b2b9a12a921463d5c0007acc37ac5dcb441bcc3583f800e8333fb438d16d57f5c0e67f02e3ffc0cc78e01299ce76cff8cf2f0f47200e

  • SSDEEP

    12288:U0FaTq1hNobdDqq8bhASWpCedsgjtD5Rs30pPWZ+PB:fxNobpeqSWsQtxD5R8yt5

Score
10/10
agentteslacollectionkeyloggerpersistencespywarestealertrojan

Malware Config

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    host39.registrar-servers.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    & *?aFO-fh $eq

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    host39.registrar-servers.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    & *?aFO-fh $eq

Targets

    • Target

      New Order.exe

    • Size

      759KB

    • MD5

      f3d3588d8a1d1638c40d85becc40fe7f

    • SHA1

      0c974d99ef50ed47c308e6bad897b1d5067f7c9a

    • SHA256

      c6d506b27d8b7bb64a7e497b7dd7e909fdb79ab354ac2ea52202eb0eb79f98a7

    • SHA512

      7968c742b535180a2277ac563ec0f16f4c1079cb37ad6149c1582d3514954699964e9f727d7124df8cb034ab7e8b9cc718c0e8065ad9189dcae15f62d03b916f

    • SSDEEP

      12288:gcRub/ryq8lZAkmHCmdsqhLZ5Ls90pPWRkg586aWHff:TRubDWokmiYV1Z5LsysB5O8f

    Score
    10/10
    agentteslacollectionkeyloggerpersistencespywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks