Overview

overview

10

Static

static

3

Statement ...ts.exe

windows7-x64

10

Statement ...ts.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    StatementofAccounts.r00.bin

  • Size

    599KB

  • Sample

    230505-zsfbpaee48

  • MD5

    89a5396e1ff59b096539ddbdef9d76f8

  • SHA1

    4315194bd8b4f0fceb8c650b61f0ef35ec136b4e

  • SHA256

    af8ea3391f63a73b7837e03b00ad457846de93a011f1159709d185ad78e5b94b

  • SHA512

    b7bf9b1179ee7eccc7f6c0d33b4edf24035b38150e150ff6c7f50642c4212a00df8398e92797ea6b8aa06baa4f90f2af19e117cd8b460d48dcd3e7e8476aa66f

  • SSDEEP

    12288:dSjbXw4H/Ediv+vkns/Kf+3QF0nzNf1hKA7+XYwWz8m9UphGj1fKr7:IXXw4H/uhv8s/Kf+gF0nz517wJyxpfKX

Score
10/10
agentteslaredlinecollectioninfostealerkeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    mail.alsajid.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    passwordreset8481

Targets

    • Target

      Statement of Accounts.exe

    • Size

      841KB

    • MD5

      b39d53b75a187cc348e74b3c78101364

    • SHA1

      3217a889aae78659d9f2652965a2fa044b30369d

    • SHA256

      d46b8526a8a8b3ad723d25036a6d692009245eb965d64576e90915ae877f9eb5

    • SHA512

      5095c62401cba3b276775f8377a1808cdb305da6fc2710d30093a0d77fe61ba59758839facf5ea9602ad5ac88681a59341f085f80f445ea0a516a46cbbdd836d

    • SSDEEP

      12288:ta/9WflU/9eyH7BOGdBFkHD4h2doQI8kTLjmXQ/ufv9x7GXtqx:oylUZ7BOoeuCoF8kvx+zz

    Score
    10/10
    agentteslacollectionkeyloggerspywarestealertrojanredlineinfostealer

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

      stealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks