General

  • Target

    71c8f4b6fe02eae1ae062af24d751674.bin

  • Size

    398KB

  • Sample

    230505-w52tnsde42

  • MD5

    be104a4651836a6a2771a52ff38cb0f8

  • SHA1

    655e77a571f665947d4207eb32031d60dd3da854

  • SHA256

    2e458fac49a9dbff3aaed5490489b577773b6b76792597b584df3ff9b2dff143

  • SHA512

    01bf79d838736093a7e2194293976a2834328b235543dfaed08f5ffb814647f347f42973ca0e128b2e771acd2c0a7f683d875bc49f4adcd53361c370903192af

  • SSDEEP

    12288:+QOh/ZvjbNCsZm2tyiwtpZhek26z6ocNh6:+QOh/VjBCsZm2tHwtjhi6zCNh6

Malware Config

Targets

    • Target

      7b4164cc352f02f53d9f49d8a5d6df6221b85c5412fcb133462c5d779730dc64.exe

    • Size

      566KB

    • MD5

      71c8f4b6fe02eae1ae062af24d751674

    • SHA1

      f442aa3847109e33868e671d833314693f4202c1

    • SHA256

      7b4164cc352f02f53d9f49d8a5d6df6221b85c5412fcb133462c5d779730dc64

    • SHA512

      f9449e39035cac512dd5657d752ea7660f6148955af110e6a897a66a258e30b2ded77eb24221be202245804a8807c2c42f024822a559c1982c91f536f9705d86

    • SSDEEP

      12288:8YZ9daFLvg+AHMX89IX1p7X4Z36IeMLEJOXWV:8YZ9daFLvBAH7qX1FIZ3Leo6OM

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) and information stealer written in Visual Basic .NET.

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

      Writes a value under a CurrentVersion\Run registry key so the payload is relaunched at user logon, a common persistence technique.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites the register state of another thread; it is a standard step in process hollowing and other code-injection techniques.
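The signatures above are the sandbox's labels for individual observed events. The script below is an added example, not the sandbox vendor's code, showing how those labels map onto concrete event patterns: it runs a small rule set over constructed sandbox-style events (registry writes, file reads, an HTTP request and an API call). Only the process name is taken from the report; every path, key and URL in the sample events, and the rule patterns themselves, are assumptions chosen to illustrate each signature.

```python
"""Tag constructed sandbox-style events with the behaviour signatures from the report.

Added example, not code from the sandbox vendor. The event tuples below are
constructed for illustration; only the process name comes from the report.
"""
import re

PROC = "7b4164cc352f02f53d9f49d8a5d6df6221b85c5412fcb133462c5d779730dc64.exe"

# Constructed events: (event_type, process, target). None of these are real observations.
SAMPLE_EVENTS = [
    ("RegSetValue", PROC, r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"),
    ("FileRead", PROC, r"C:\Users\victim\AppData\Roaming\FileZilla\recentservers.xml"),
    ("FileRead", PROC, r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    ("FileRead", PROC, r"C:\Users\victim\AppData\Roaming\Thunderbird\Profiles\x1.default\logins.json"),
    ("RegOpenKey", PROC, r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"),
    ("HttpRequest", PROC, "http://api.ipify.org/"),
    ("ApiCall", PROC, "SetThreadContext"),
    ("FileRead", PROC, r"C:\Windows\System32\kernel32.dll"),   # benign, must not match
]

# (signature name as it appears in the report, event type it applies to, regex over the target)
# The patterns are illustrative assumptions, not the sandbox's real rule logic.
RULES = [
    ("Adds Run key to start application", "RegSetValue",
     r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\"),
    ("Reads data files stored by FTP clients", "FileRead",
     r"\\FileZilla\\(recentservers|sitemanager|filezilla)\.xml$"),
    ("Reads user/profile data of web browsers", "FileRead",
     r"\\(Google\\Chrome|Microsoft\\Edge|BraveSoftware|Mozilla\\Firefox)\\.*\\(Login Data|Web Data|Cookies|logins\.json|key4\.db)$"),
    ("Reads user/profile data of local email clients", "FileRead",
     r"\\Thunderbird\\Profiles\\.*\\(logins\.json|key4\.db)$"),
    ("Accesses Microsoft Outlook profiles", "RegOpenKey",
     r"\\Software\\Microsoft\\Office\\\d+\.\d+\\Outlook\\Profiles"),
    ("Looks up external IP address via web service", "HttpRequest",
     r"^https?://(api\.ipify\.org|checkip\.dyndns\.org|ip-api\.com|icanhazip\.com)(/|$)"),
    ("Suspicious use of SetThreadContext", "ApiCall",
     r"^(Nt)?SetThreadContext$"),
]
COMPILED = [(name, etype, re.compile(pat, re.IGNORECASE)) for name, etype, pat in RULES]


def classify(events):
    """Return {signature: [targets]} for every event that trips a rule."""
    hits = {}
    for etype, _proc, target in events:
        for name, rule_type, rx in COMPILED:
            if etype == rule_type and rx.search(target):
                hits.setdefault(name, []).append(target)
    return hits


def unmatched(events):
    """Events no rule claims; useful for seeing what a signature set misses."""
    return [e for e in events
            if not any(e[0] == t and rx.search(e[2]) for _, t, rx in COMPILED)]


if __name__ == "__main__":
    for name, targets in classify(SAMPLE_EVENTS).items():
        print(f"[+] {name}")
        for t in targets:
            print(f"      {t}")
    print(f"[-] {len(unmatched(SAMPLE_EVENTS))} event(s) unmatched")
```

The rules are deliberately keyed on both event type and target so that a benign file read (the kernel32.dll line) is not swept up by a path pattern, and so that a Thunderbird profile read lands under the email-client signature rather than the browser one. When triaging a real report, the unmatched list is the place to look for behaviour the signature set does not yet name.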

MITRE ATT&CK Enterprise v6

Tasks