Overview

overview

10

Static

static

3

MV C.ATLAS...RS.exe

windows7-x64

10

MV C.ATLAS...RS.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    MV C.ATLAS PARTICULARS.exe

  • Size

    700KB

  • Sample

    231211-swdtpsbhh4

  • MD5

    40a6aec425ccce9fd1a8e402e27dbd6e

  • SHA1

    d916a1e0641091654f515b522c65f8cdc70851d3

  • SHA256

    ade5d471bce12136dbdb044a73285664d32453f79b3b224130bde18e9f0a48ad

  • SHA512

    89611b88bc5b535a4af006c9bf6593eca5b1b422a8329f4a65bf5b04ac97bce68fa3a99723a4bca8cf6782168629c8c3816f733eeeae3dd8bdf21fd2b32fda1f

  • SSDEEP

    12288:Tw3IU8S6eUdHvN7bc2MfNFEW1DOyhUPk2ztAQSNJWMN5:TOItSAdPN7bc2MfNOW1DOeUPk2aQSqK5

Score
10/10
agentteslazgratkeyloggerratspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot6842284005:AAEBxh6cL0NGDg-gb0BoH5Z7v4-Fv4B_wmo/

Targets

    • Target

      MV C.ATLAS PARTICULARS.exe

    • Size

      700KB

    • MD5

      40a6aec425ccce9fd1a8e402e27dbd6e

    • SHA1

      d916a1e0641091654f515b522c65f8cdc70851d3

    • SHA256

      ade5d471bce12136dbdb044a73285664d32453f79b3b224130bde18e9f0a48ad

    • SHA512

      89611b88bc5b535a4af006c9bf6593eca5b1b422a8329f4a65bf5b04ac97bce68fa3a99723a4bca8cf6782168629c8c3816f733eeeae3dd8bdf21fd2b32fda1f

    • SSDEEP

      12288:Tw3IU8S6eUdHvN7bc2MfNFEW1DOyhUPk2ztAQSNJWMN5:TOItSAdPN7bc2MfNOW1DOeUPk2aQSqK5

    Score
    10/10
    agentteslazgratkeyloggerratspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Detect ZGRat V1

    • ZGRat

      ZGRat is remote access trojan written in C#.

      ratzgrat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks