General

  • Target

    Overdue Invoices.exe

  • Size

    628KB

  • Sample

    240307-fj3k3see34

  • MD5

    96ae0e3a6a1553a97db15f694815c87f

  • SHA1

    1f64598e9643bfc0fbc851f223e32ddad72c612d

  • SHA256

    4490ebc3a2c6260e09ef8f4f71c08a7afc809630e56ec9e8e215a04935bb0394

  • SHA512

    f0e2979e615f95d157ca2fd6697ec6650c61f7af2aef4d4d11942796eb87776cbb93c382c031abfb8c691907dc48beaa9282ed0eb32485d1bfb0ef5d03015af9

  • SSDEEP

    12288:w38j5o5+HbWsXnE0QlpEMDmF691VC1gqMhtD4dW87cvvss5qZZsN:w3+bWsXZAPq63M1fMhtMDcvvssAsN

Malware Config

Extracted

  • Family

    agenttesla

  • Credentials

Targets

    • Target

      Overdue Invoices.exe

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • GuLoader, CloudEye

      A shellcode-based downloader first seen in 2020.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      Befingringernes/Souchie/indlsninger/Casement.Sub

    • Size

      54KB

    • MD5

      0cd34cacd66cdbb2fc2efb1dfb83660b

    • SHA1

      9e5099e40637ec5cea43b20290632225bb42d61c

    • SHA256

      f41193f6e9bae66ed39755f91bebb1e5183afcd52d3afca61eaeda1ed6e0e153

    • SHA512

      2d97c2370d368d66a9c09f2d86b4be2e3a6db7d8d6ead6313bb3b7da87bf465ea24cb8f2575e08b23e467740b6e1f95983229e63937e90419f0e6bd678f3cc02

    • SSDEEP

      768:Yl84FUUzOdn1DufeNFJoTV/EdxRisWTvexL+ZnfY+FN50ErcXfiunMPxAt40RQm9:Yl8YF6DumNDopuKJeNNc3lfuntp1xJZ

    • Score

      8/10

    • Modifies Installed Components in the registry

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks