Overview

overview

10

Static

static

3

dridex

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d51abb49a25ea3dafda19148108c3326fc41fa2a1dff88aed615fa9027b2b972

  • Size

    799KB

  • Sample

    231208-hzm7fabb3w

  • MD5

    b488be4699206f2c9c43c007f190816f

  • SHA1

    ff4b89f08a7c8ce0a87e504719389c0e8278675e

  • SHA256

    d51abb49a25ea3dafda19148108c3326fc41fa2a1dff88aed615fa9027b2b972

  • SHA512

    d152bd6cf2eb514bc3faf83219e719283ef98b99d3c0648a79bac588869e7254c3dc697829d8a996690ac3421058f423bde7560cd254effe393ff944f62a5ee7

  • SSDEEP

    12288:GwL9yKE6jD/62iNG5nF82rkDnge2LyRkkUsHnKQKAhkjJhJzsotn5TvNzbvZjC:FAKtD/61IU0e2slUsqQWjJzzsonBhjC

Score
10/10
agentteslakeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot6670271579:AAHln7Op0JjSMa92pjMiSLRC0uIRAw3DqMQ/

Targets

    • Target

      d51abb49a25ea3dafda19148108c3326fc41fa2a1dff88aed615fa9027b2b972

    • Size

      799KB

    • MD5

      b488be4699206f2c9c43c007f190816f

    • SHA1

      ff4b89f08a7c8ce0a87e504719389c0e8278675e

    • SHA256

      d51abb49a25ea3dafda19148108c3326fc41fa2a1dff88aed615fa9027b2b972

    • SHA512

      d152bd6cf2eb514bc3faf83219e719283ef98b99d3c0648a79bac588869e7254c3dc697829d8a996690ac3421058f423bde7560cd254effe393ff944f62a5ee7

    • SSDEEP

      12288:GwL9yKE6jD/62iNG5nF82rkDnge2LyRkkUsHnKQKAhkjJhJzsotn5TvNzbvZjC:FAKtD/61IU0e2slUsqQWjJzzsonBhjC

    Score
    10/10
    agentteslakeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2
T1552

Credentials In Files

2
T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks