General

  • Target

    Facture 20230412-0724.img

  • Size

    1.2MB

  • Sample

    230412-hp5czacb5z

  • MD5

    f543dc0c5da3a12f5a900cf2922bc7bf

  • SHA1

    7e3bd0b48fbc7b9ee7d1d9c4796ceb583276931c

  • SHA256

    033758dbc1ab6f9f886e3bb6ff552f753d7dddbeb477f42ec228e420a6f34e11

  • SHA512

    79f25cc67ba889d4ab6b6fb354d0f43eb7f9a32481b86c8122bbce4bc7df6377bd04fce346718853b6a6d68a11f5cebc5718a680c4721147dd2fed9d7e3a5852

  • SSDEEP

    192:doh/DN07A87fDT/i1gtElXYSRQyBRobaycV8rRqiDjYX:YcXa1gtWXYSRQ4cayVleX

Malware Config

Extracted

  • Language:
    ps1
  • Deobfuscated:
  • URLs:
    ps1.dropper: https://linado.lt/J7.jpg

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://ftp.kamen.si
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    Motherland23@

Targets

    • Target

      FACTURE_.CHM

    • Size

      15KB

    • MD5

      7074f8f5a3355c9bddec17025f30ec72

    • SHA1

      801809828ef905fe29f8f96f9633c38d2749a438

    • SHA256

      b418af4dc3b0cc92eb25863dc3525421d3ae4c358150e94728d51837443fd65f

    • SHA512

      c86b657207cc5c117c4932cad722c27203762162afa48d1cb9d741135c25f7642bad54c2af0875d2e4c8134d0fc5d79456ed61607b6738c5a1b790e1c4a75719

    • SSDEEP

      192:W87fDT/i1gtElXYSRQyBRobaycV8rRqiDjYX:WcXa1gtWXYSRQ4cayVleX

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks