General

  • Target

    Hpbinymcv.exe

  • Size

    367KB

  • Sample

    231207-r44vescc25

  • MD5

    5199e85b0c1149366cad61fb1b777e26

  • SHA1

    c8796fb6fb49017c08a7e17518ec8f70a01cc941

  • SHA256

    90c7b6bd3fd954125e071fca9a96c398d2c7c337e150b79c3629285858dd476c

  • SHA512

    23c1c2ee74c77a693368dbaa00e21a16a86a2063b0b0c646dee703cdc502d18f99e0558a9810b71d6016484a3926e29baef749ad063a645a8e66324a5c26740b

  • SSDEEP

    6144:Y9YIxlje/RK9Xgg643BxGbVs/rpFoSM4md4/mWrO3g/VwThi68dFfUdYRosJmPX7:Y9YIxNJ9L643BxbcSPO4uWrZdYi68bwl

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    mail.asiaparadisehotel.com
  • Port:
    587
  • Username:
    asia@asiaparadisehotel.com
  • Password:
    ^b2ycDldex$@
  • Email To:
    europe@asiaparadisehotel.com

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
