agenttesla | d3644e3b175de5ba44b02e6098bc78cca3fa94ccfee14296f488da9d2273da8e | Triage

Submit
Reports

Overview

overview

Static

static

f_000263.gz

windows10-2004-x64

sample.js

windows10-2004-x64

1

Resubmissions

02-04-2023 01:42

230402-b43dlafc8z 10

02-04-2023 01:25

230402-bs8q8sfc21 10

Sharing

General

Target

f_000263
Size

100KB
Sample

230402-bs8q8sfc21
MD5

52ed29d7705270875a4fc90bcfbeebfc
SHA1

81716e1b0c9f5888618b21e7762f5dc472e0ef16
SHA256

d3644e3b175de5ba44b02e6098bc78cca3fa94ccfee14296f488da9d2273da8e
SHA512

7d00b5e3a2060a4250768f7b906d1acfdcfb8cddd8b9036634c2274161d36b8dcba661d11adf9196158b7553b864cefe45555a5445fd343927fb8e17e36abcc7
SSDEEP

1536:tcDj6aAaKkGC8afCIl/PT0sAmfYoD6761p6Z0GHoZ6f33+rQd3FnkeditHd1M+:C6aIxC8ICGzSoDwoczH5nkF91M+

Score

10^/10

agenttesla darkcomet darktrack lockfile m00nd3v_logger masslogger matiex mountlocker shurk stormkitty surtr vulturi xmrig zeppelin discovery infostealer miner persistence spyware stealer

Static task

static1

infostealer miner agenttesla darktrack lockfile m00nd3v_logger matiex shurk stormkitty surtr vulturi zeppelin masslogger mountlocker xmrig darkcomet

27 signatures

Behavioral task

behavioral1

Sample

f_000263.gz

Resource

win10v2004-20230220-en

discovery persistence spyware stealer

windows10-2004-x64

36 signatures

150 seconds

Behavioral task

behavioral2

Sample

sample.js

Resource

win10v2004-20230221-en

windows10-2004-x64

0 signatures

150 seconds

Malware Config

Targets

- Target
  
  f_000263
- Size
  
  100KB
- MD5
  
  52ed29d7705270875a4fc90bcfbeebfc
- SHA1
  
  81716e1b0c9f5888618b21e7762f5dc472e0ef16
- SHA256
  
  d3644e3b175de5ba44b02e6098bc78cca3fa94ccfee14296f488da9d2273da8e
- SHA512
  
  7d00b5e3a2060a4250768f7b906d1acfdcfb8cddd8b9036634c2274161d36b8dcba661d11adf9196158b7553b864cefe45555a5445fd343927fb8e17e36abcc7
- SSDEEP
  
  1536:tcDj6aAaKkGC8afCIl/PT0sAmfYoD6761p6Z0GHoZ6f33+rQd3FnkeditHd1M+:C6aIxC8ICGzSoDwoczH5nkF91M+
Score

8^/10

discovery persistence spyware stealer
- Downloads MZ/PE file
- Drops file in Drivers directory
- Modifies RDP port number used by Windows
- Sets service image path in registry
  persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Registers COM server for autorun
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Drops file in System32 directory
behavioral1
- Target
  
  sample
- Size
  
  405KB
- MD5
  
  1cbbb572f88a23f55f086b96327fe5e0
- SHA1
  
  6d1593368828198dfb5b9eceaab71f49aa535c40
- SHA256
  
  0b339883d9d76c11e4b22915fa67303fb4302d9855e219db7e803e693e6fb899
- SHA512
  
  dcab6c6025ca9da5301cb6913be35d4285d1ceecc9bd811dfd23727b1b2a14618f3e7a98c18d7a335373c5160c9cb5f62c10f0385387ab7417fc917283981ffd
- SSDEEP
  
  3072:WV9Es470kT97kFUxz3mKMACR3R7DyWvEXNemiS0KPMID5whT0bMNj67:dwkwM3zUJtMtwmIj67
Score

1^/10
behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Remote Desktop Protocol

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

infostealermineragenttesladarktracklockfilem00nd3v_loggermatiexshurkstormkittysurtrvulturizeppelinmassloggermountlockerxmrigdarkcomet

behavioral1

discoverypersistencespywarestealer

behavioral2

© 2018-2024

Terms | Privacy