Overview

overview

10

Static

static

10

2588-20-0x...ry.exe

windows7-x64

10

2588-20-0x...ry.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2588-20-0x0000000000620000-0x0000000000662000-memory.dmp

  • Size

    264KB

  • Sample

    231210-t46p5agbcm

  • MD5

    78649a456b4564608a726c5267c217cf

  • SHA1

    450b9642bcd9317a32ea00cab802f2f8a21dc55d

  • SHA256

    b539af50fb1f4a2dac1b502eae1085e2a89d32b9bea24454b1c721caf49a2185

  • SHA512

    ebc0bdd2e43177d1c8458e7ed4288398423ca7c541dfae66646439214b2e9968f2eba5fc32a43e9506cafd212c3d3e8fb9f6519d8ba91309053840771874345d

  • SSDEEP

    3072:OVoUEQ8wEQnvXmohpF+ojbkTToy5IuR4F+O:lUEQ8wEQnPx7FVbaM4Rs

Score
10/10
agentteslakeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     ftp
  • Host:
    ftp://ftp.siscop.com.co
  • Port:
    21
  • Username:
    pedophile@siscop.com.co
  • Password:
    +5s48Ia2&-(t

Extracted

Credentials

  • Protocol:     ftp
  • Host:
    ftp.siscop.com.co
  • Port:
    21
  • Username:
    pedophile@siscop.com.co
  • Password:
    +5s48Ia2&-(t

Targets

    • Target

      2588-20-0x0000000000620000-0x0000000000662000-memory.dmp

    • Size

      264KB

    • MD5

      78649a456b4564608a726c5267c217cf

    • SHA1

      450b9642bcd9317a32ea00cab802f2f8a21dc55d

    • SHA256

      b539af50fb1f4a2dac1b502eae1085e2a89d32b9bea24454b1c721caf49a2185

    • SHA512

      ebc0bdd2e43177d1c8458e7ed4288398423ca7c541dfae66646439214b2e9968f2eba5fc32a43e9506cafd212c3d3e8fb9f6519d8ba91309053840771874345d

    • SSDEEP

      3072:OVoUEQ8wEQnvXmohpF+ojbkTToy5IuR4F+O:lUEQ8wEQnPx7FVbaM4Rs

    Score
    10/10
    agentteslakeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.