General

  • Target

    Formal Bill.iso

  • Size

    1.2MB

  • Sample

    230106-l6smaaff87

  • MD5

    fa84308da9e027ac1f205bb0f6131a13

  • SHA1

    f9e8c16cab44f690190809d1fcb7dbc26a65ff06

  • SHA256

    5fe8ffc59521d84cc04a6e138b0426b11ca5b836f840034c4c095b76714a8547

  • SHA512

    63dba8d112c3857e9af2c9cde5dff0561e44a171d95924e6e5fccf8c1af639eab598db3b27fd7b50fd85b720edf1ef2a9437a37c5f3076901f7ce7719d4b1a31

  • SSDEEP

    12288:zex1HsAa1AR5M6jCDknVBzcQ5/boNv/cLUt8IHFppV288NTYY7:yx3a1sNGDGV3FAAIH+88NTYY7

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      FORMAL_B.EXE

    • Size

      667KB

    • MD5

      8df8ab7204e57429999d3d8d05c98cb2

    • SHA1

      07269ca1f7ee57c0023562af092bfc4ac058308f

    • SHA256

      ffafcbbf3656e0ace64d99d6e93abd741386bf0a4542839a5c8b9db8414b7a1e

    • SHA512

      a233371be591a6d306499de1b31b57ceefbb2d515966e8d408f6279317579d2435c6175c32c2f1e7085d9410de7804d5a0981c88d3d956e7be8950402e2b3ba0

    • SSDEEP

      12288:3ex1HsAa1AR5M6jCDknVBzcQ5/boNv/cLUt8IHFppV288NTYY7:Ox3a1sNGDGV3FAAIH+88NTYY7

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks