Overview

overview

10

Static

static

3

Balance Co...df.exe

windows7-x64

10

Balance Co...df.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    06122023_1509_05122023_Balance Confirmation_pdf.rar

  • Size

    262KB

  • Sample

    231206-hzaw4scd63

  • MD5

    3b5251ebccb8aa9d70c838c5e331a6b3

  • SHA1

    5b8e0235194745871c9627e62997affe282ba12b

  • SHA256

    202f61f66ee024710aa7b49719cbc38ccc6bf07719eea960217661bc0ae03dac

  • SHA512

    80217d72267b944e7bcc1736a1d66ca9c840544dcda3ea1a50ee27707def404d328521d27414ec86acc966a9e4ea8cb3fdc4a260698e31a3202dbcd962e17627

  • SSDEEP

    6144:ah24CCTJev8TftXmfd0rsHjTxTlzLOsTemp19NS8NqHqlRGEC:q24CCTmgt2fy0JLOsTemjS8NoqlRGEC

Score
10/10
agentteslakeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     ftp
  • Host:
    ftp://mydevelopmentstory.com
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    ENugu@042EN

Extracted

Credentials

  • Protocol:     ftp
  • Host:
    mydevelopmentstory.com
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    ENugu@042EN

Targets

    • Target

      Balance Confirmation_pdf.exe

    • Size

      343KB

    • MD5

      175320e35a91aa8415e3b08ea6e5bdc6

    • SHA1

      1639248526ceef472194ba43252741cfb1e4698f

    • SHA256

      5fe3691051b15363c0cb99225680eadf139d815a078bb8e35d6acdfa59992104

    • SHA512

      fce970be9c4ec7779e153ff9a1803d8b673e5ba6440999c74e7e4a562e37ef69e40a4a751c300c0dcfaac4ea11d29edb6ef2d4d527d17c005c152fdd3bb7a03a

    • SSDEEP

      6144:M+NN8s91BMtFaG81g5qJRn4xxL2l6IKH+uFP4VYQXXepDzMYgA5YuvsuFie:fL1BoFaG81S0Rn4xtB9Q2QXMMcZvwe

    Score
    10/10
    agentteslakeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks