General

  • Target

    SecuriteInfo.com.Win32.PWSX-gen.10498.26418.exe

  • Size

    51.0MB

  • Sample

    231211-lar1wacbc2

  • MD5

    b9b33a35bb9d8e6a9d491825e355aef1

  • SHA1

    a877ac087447e7319d87b583fc996f964ecc9d9d

  • SHA256

    683f7a41a16eef118689f586af3dd3567509826570580ede387bce254a15d1f7

  • SHA512

    b3517a231ad8aa9d92fb65790ce202d86e585d6274640fbfe670e43fc20575836819e1d3080a3f358b5f952c04f533e4caedc31069d260eaa347ff23dc45d3a4

  • SSDEEP

    12288:13IU8S6eUdu0U8b4WLakpepXooipXk5o60CzcdHj+tmcQxBcmGYG:dItSAdvt4WLFpe5oog+cdHjJPcm

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    mail.flecon.com.sg
  • Port:
    587
  • Username:
    jin@flecon.com.sg
  • Password:
    8CJN6A87XUIU
  • Email To:
    rickssales@yandex.ru

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    mail.flecon.com.sg
  • Port:
    587
  • Username:
    jin@flecon.com.sg
  • Password:
    8CJN6A87XUIU
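The extracted config gives the whole exfiltration channel: the malware logs in to a legitimate mailbox (jin@flecon.com.sg on mail.flecon.com.sg:587) from every infected host and mails the stolen data to the collector address rickssales@yandex.ru. The following hunt is an added example, not part of the sandbox report: it matches those values against constructed endpoint connection events and Postfix-style mail server lines (field names and log layout are assumptions), flagging non-mail-client processes that open the exfil channel, every login as the compromised account, and any message addressed to the collector.

```python
import re
from dataclasses import dataclass

# Exfiltration channel, copied from the extracted Agent Tesla config on this page.
EXFIL = {
    "host": "mail.flecon.com.sg",
    "port": 587,
    "username": "jin@flecon.com.sg",
    "recipient": "rickssales@yandex.ru",
}

# Processes a workstation may legitimately let speak SMTP submission (assumption).
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}


@dataclass(frozen=True)
class Finding:
    rule: str
    where: str
    detail: str


def hunt_endpoint_connections(events):
    """Endpoint telemetry (Sysmon event 3 style dicts, field names assumed): flag any
    process other than a real mail client connecting to the exfil host and port."""
    hits = []
    for ev in events:
        if ev["dst_host"].lower() != EXFIL["host"] or ev["dst_port"] != EXFIL["port"]:
            continue
        if ev["image"].lower() in MAIL_CLIENTS:
            continue
        hits.append(Finding("agenttesla_smtp_exfil", ev["computer"],
                            f"{ev['image']} -> {ev['dst_host']}:{ev['dst_port']}"))
    return hits


# Postfix-style submission/delivery lines; the exact format is an assumption.
SASL_RE = re.compile(r"client=\S+\[(?P<ip>[\d.]+)\].*sasl_username=(?P<user>\S+)")
RCPT_RE = re.compile(r"to=<(?P<rcpt>[^>]+)>")


def hunt_mail_server_log(lines):
    """Mail server side: each SASL login as the stolen account is a candidate victim
    (the malware authenticates from every infected host), and any message addressed
    to the collector mailbox carries exfiltrated data."""
    hits = []
    for line in lines:
        m = SASL_RE.search(line)
        if m and m.group("user").lower() == EXFIL["username"]:
            hits.append(Finding("stolen_account_login", m.group("ip"), line.strip()))
        m = RCPT_RE.search(line)
        if m and m.group("rcpt").lower() == EXFIL["recipient"]:
            hits.append(Finding("mail_to_collector", "mail-server", m.group("rcpt")))
    return hits


# Constructed sample telemetry (not from the sandbox run). RegSvcs.exe stands in for
# the .NET host process the stealer was injected into; IPs are documentation ranges.
SAMPLE_CONNECTIONS = [
    {"computer": "WS-17", "image": "OUTLOOK.EXE", "dst_host": "mail.flecon.com.sg", "dst_port": 587},
    {"computer": "WS-23", "image": "RegSvcs.exe", "dst_host": "mail.flecon.com.sg", "dst_port": 587},
    {"computer": "WS-23", "image": "RegSvcs.exe", "dst_host": "api.ipify.org", "dst_port": 443},
]
SAMPLE_MAIL_LOG = [
    "Dec 11 09:41:58 mx postfix/submission/smtpd[4321]: 1A2B3C: client=unknown[203.0.113.45], sasl_method=LOGIN, sasl_username=jin@flecon.com.sg",
    "Dec 11 09:41:59 mx postfix/qmgr[1000]: 1A2B3C: from=<jin@flecon.com.sg>, size=18233, nrcpt=1 (queue active)",
    "Dec 11 09:42:00 mx postfix/smtp[4400]: 1A2B3C: to=<rickssales@yandex.ru>, relay=mx.yandex.ru[198.51.100.7]:25, status=sent (250 ok)",
    "Dec 11 10:05:12 mx postfix/submission/smtpd[4322]: 9F8E7D: client=office-nat[192.0.2.10], sasl_method=LOGIN, sasl_username=jin@flecon.com.sg",
]

if __name__ == "__main__":
    for f in hunt_endpoint_connections(SAMPLE_CONNECTIONS) + hunt_mail_server_log(SAMPLE_MAIL_LOG):
        print(f.rule, f.where, f.detail)
```

The account owner's own logins (the office-nat line) are reported too, deliberately: the stolen credential is also the legitimate one, so each source IP has to be triaged, and the credential itself should be rotated and the collector address blocked at the mail gateway rather than relying on the login rule alone.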

Targets

    • Target

      SecuriteInfo.com.Win32.PWSX-gen.10498.26418.exe

    • AgentTesla

      Agent Tesla is an information stealer with remote access trojan (RAT) capabilities, written in .NET (originally Visual Basic .NET); it harvests credentials from browsers, mail and FTP clients and exfiltrates them over SMTP, FTP or HTTP.

    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      Rewriting another thread's context (typically the main thread of a suspended child process) is the step in process hollowing and similar injection that redirects execution into code the malware has written into that process.
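The four data-access and IP-lookup signatures above are individually weak (backup tools read mail profiles, update checkers call IP services) but are rarely shown together by one benign process. The following detector is an added example, not part of the report or of the sandbox's own rules: it profiles each process in constructed file-access and network events against the behaviours the signatures describe and flags a process once two or more fire. The path patterns are assumptions about where FileZilla, Thunderbird, Outlook and Chromium/Firefox keep their data on Windows, and the IP-lookup host list is illustrative.

```python
import re
from collections import defaultdict

# Artefacts the report's behaviour signatures describe (path patterns are assumptions).
FILE_SIGNATURES = {
    "reads_ftp_client_data": [
        r"\\filezilla\\(recentservers|sitemanager)\.xml$",
        r"\\winscp\.ini$",
    ],
    "reads_email_client_data": [
        r"\\thunderbird\\profiles\\[^\\]+\\(logins\.json|key4\.db)$",
        r"\\microsoft\\outlook\\[^\\]+\.(pst|ost)$",
    ],
    "reads_browser_data": [
        r"\\(chrome|chromium|brave-browser|microsoft\\edge)\\user data\\[^\\]+\\login data$",
        r"\\mozilla\\firefox\\profiles\\[^\\]+\\(logins\.json|key4\.db)$",
    ],
}
COMPILED = {name: [re.compile(p) for p in pats] for name, pats in FILE_SIGNATURES.items()}

# Legitimate IP lookup services (illustrative list, not from the report).
IP_LOOKUP_HOSTS = {"api.ipify.org", "icanhazip.com", "ifconfig.me", "checkip.dyndns.org", "ip-api.com"}

# The applications that own the data above read it as part of normal operation.
OWNER_PROCESSES = {"filezilla.exe", "winscp.exe", "thunderbird.exe", "outlook.exe",
                   "chrome.exe", "msedge.exe", "brave.exe", "firefox.exe"}


def classify_file_access(path):
    """Map a file path to the signature it satisfies, or None."""
    p = path.replace("/", "\\").lower()
    for name, pats in COMPILED.items():
        if any(r.search(p) for r in pats):
            return name
    return None


def profile_processes(file_events, net_events):
    """Return {(computer, image, pid): set of behaviour names} for non-owner processes."""
    behaviours = defaultdict(set)
    for ev in file_events:
        if ev["image"].lower() in OWNER_PROCESSES:
            continue
        sig = classify_file_access(ev["path"])
        if sig:
            behaviours[(ev["computer"], ev["image"], ev["pid"])].add(sig)
    for ev in net_events:
        if ev["dst_host"].lower() in IP_LOOKUP_HOSTS:
            behaviours[(ev["computer"], ev["image"], ev["pid"])].add("external_ip_lookup")
    return behaviours


def flag_infostealers(file_events, net_events, min_behaviours=2):
    """One category fires for plenty of benign software; two or more from a single
    process is the combination an infostealer such as Agent Tesla shows."""
    return {k: sorted(v) for k, v in profile_processes(file_events, net_events).items()
            if len(v) >= min_behaviours}


# Constructed sample telemetry (not from the sandbox run); field names are assumptions.
SAMPLE_FILE_EVENTS = [
    {"computer": "WS-23", "image": "RegSvcs.exe", "pid": 4120,
     "path": r"C:\Users\jin\AppData\Roaming\FileZilla\recentservers.xml"},
    {"computer": "WS-23", "image": "RegSvcs.exe", "pid": 4120,
     "path": r"C:\Users\jin\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"computer": "WS-23", "image": "RegSvcs.exe", "pid": 4120,
     "path": r"C:\Users\jin\AppData\Roaming\Thunderbird\Profiles\x1y2z3w4.default-release\logins.json"},
    {"computer": "WS-23", "image": "chrome.exe", "pid": 2210,
     "path": r"C:\Users\jin\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"computer": "WS-09", "image": "backup.exe", "pid": 880,
     "path": r"C:\Users\ann\AppData\Roaming\Thunderbird\Profiles\a1b2c3d4.default\key4.db"},
]
SAMPLE_NET_EVENTS = [
    {"computer": "WS-23", "image": "RegSvcs.exe", "pid": 4120, "dst_host": "api.ipify.org"},
    {"computer": "WS-09", "image": "backup.exe", "pid": 880, "dst_host": "backup.example.com"},
]

if __name__ == "__main__":
    for proc, seen in flag_infostealers(SAMPLE_FILE_EVENTS, SAMPLE_NET_EVENTS).items():
        print(proc, seen)
```

chrome.exe reading its own Login Data and backup.exe touching only a Thunderbird profile are both left alone; RegSvcs.exe, which hits three data stores and then asks a public service for the host's external address, is the pattern the report recorded for this sample.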

MITRE ATT&CK Enterprise v15
