General

  • Target

    de310f037110ce251ad1c23f09318c29.bin

  • Size

    681KB

  • Sample

    240118-eav9zacbbn

  • MD5

    71677f1eaa7089faccdc5ed2887d383d

  • SHA1

    8ad4f823d19fc2e4933ad271c66e0a56711eaf00

  • SHA256

    53d199cbcac63a4e51807f6ffd4bedb0ceea95060c4a3d8cc7fa315666f99b2a

  • SHA512

    d44ab603449488a48d7f7412c6a9367be38e34a5bfec5d47f3943ee5609da7f793063f2449919fb16e40682400681c831e448f8a043cb0790d42d49f8a104a1f

  • SSDEEP

    12288:es4FHjKK9OIwpRnDc5AhSrEa3c5pOgVnp8vEgee+VvwG5YVorvtduL5AG6Lo/wze:eL9rmiAArEa3czOgZp8v5eltqoZML5Ay

Malware Config

Extracted

  • Family

    agenttesla

Extracted Credentials

  • Protocol:
    smtp
  • Host:
    mail.pharmacell.com.tr
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Fatih-2015a

Targets

    • Target

      237a9a1345466333a1dd02477c5a1f9fe1ce0078f869e397db00ac84516060e2.exe

    • Size

      851KB

    • MD5

      de310f037110ce251ad1c23f09318c29

    • SHA1

      46310a5a3997575f8b4df66ebda2707061f517aa

    • SHA256

      237a9a1345466333a1dd02477c5a1f9fe1ce0078f869e397db00ac84516060e2

    • SHA512

      16e845a708f2d219b17beb9a25dbe3fe198bcfad87205bbfd3da0b13cc0a607ffd3330533f8caff176d336c90437adfc2ec3addfa35f6322357a5aa701f26e96

    • SSDEEP

      24576:cbGLYrmqV26Q+/DLXW/rIeH4OxLNILj+:yGLYrPV24XWjIcwL

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks