General

  • Target

    7a189d9108184f0016e25c54c3f46f832669abd08c4c9bda427ef75614522f64

  • Size

    34KB

  • Sample

    231212-chmxfsdbbr

  • MD5

    ca0f3fee83088ec1f2c80ae0d5019737

  • SHA1

    d893377e3a558a785f547e3b4de6b99281e2b90e

  • SHA256

    7a189d9108184f0016e25c54c3f46f832669abd08c4c9bda427ef75614522f64

  • SHA512

    7c77a5e549cacb14900ea92367259f5a5fba96539ea026186f7965892ebdf2bc1945bbf99bdcb99a4c3fd71949f6b554f303c28782fd09414309eea4309a2185

  • SSDEEP

    192:avTbkP7xsj0xBG9nZhjnYe+PjPpFrD7nDWpHiFrD7nDWpHgRfH0JOqsmVgz28Wh+:nDx1KXnYPLpFzDGiFzDGe8JN77hh+b

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    server1.sqsendy.shop
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    &qZV17u[D~36

Extracted

Family

agenttesla

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
