General

  • Target

    IBDETN.img

  • Size

    504KB

  • Sample

    240307-p2bprabc68

  • MD5

    eb5696eb21168e82bf1c911a98ba679a

  • SHA1

    762b4c4c68ee1be81274c0c2a7c2082274237b21

  • SHA256

    f91922fbdfba9ebcb266bea40a7c8c82f2152a7924649c01d6ff716c5227945c

  • SHA512

    95e554ce372035b128cdbaa7f4d8aaca46363e73f66550ff167bc7ff3fd5d9107f30463022ee3b9b7fad8d355712c5fc6b6ff4cd701e883bd00f58a21c4d5399

  • SSDEEP

    12288:TzzFUmAvADG6q4d22EOOpZqi3R91gtyuRV/Sxd6n5s6MCdlIU:TPa8jQjqirO3RV/L/9E

Malware Config

Extracted

  • Family

    agenttesla

  • C2

    https://api.telegram.org/bot5870878058:AAEtYpDY1LBnBQGwZvkWktoa3wzKq0kSk78/

Targets

    • Target

      IBDETN.img

    • Size

      504KB

    • MD5

      eb5696eb21168e82bf1c911a98ba679a

    • SHA1

      762b4c4c68ee1be81274c0c2a7c2082274237b21

    • SHA256

      f91922fbdfba9ebcb266bea40a7c8c82f2152a7924649c01d6ff716c5227945c

    • SHA512

      95e554ce372035b128cdbaa7f4d8aaca46363e73f66550ff167bc7ff3fd5d9107f30463022ee3b9b7fad8d355712c5fc6b6ff4cd701e883bd00f58a21c4d5399

    • SSDEEP

      12288:TzzFUmAvADG6q4d22EOOpZqi3R91gtyuRV/Sxd6n5s6MCdlIU:TPa8jQjqirO3RV/L/9E

    • Score

      3/10

    • Target

      out.iso

    • Size

      504KB

    • MD5

      eb5696eb21168e82bf1c911a98ba679a

    • SHA1

      762b4c4c68ee1be81274c0c2a7c2082274237b21

    • SHA256

      f91922fbdfba9ebcb266bea40a7c8c82f2152a7924649c01d6ff716c5227945c

    • SHA512

      95e554ce372035b128cdbaa7f4d8aaca46363e73f66550ff167bc7ff3fd5d9107f30463022ee3b9b7fad8d355712c5fc6b6ff4cd701e883bd00f58a21c4d5399

    • SSDEEP

      12288:TzzFUmAvADG6q4d22EOOpZqi3R91gtyuRV/Sxd6n5s6MCdlIU:TPa8jQjqirO3RV/L/9E

    • Score

      1/10

    • Target

      IBDETN.exe

    • Size

      454KB

    • MD5

      8471b9db1214920fdd671b1dcc918ecb

    • SHA1

      ae3797cd019f52e1ded3d570bc25d2971919dbeb

    • SHA256

      cb0c15dced352f0d8bec7ea8e3c2cd0488260c84dc73843d4929b43deb6fced0

    • SHA512

      fad69abbc0142c0fb6d553a55c3119d795d9c1e12c484de963947e6db45fa4a2a09b966ded452ad02a0307988443df54cd54c6c38325436ffbd30342a62a7c1d

    • SSDEEP

      12288:9zzFUmAvADG6q4d22EOOpZqi3R91gtyuRV/Sxd6n5s6MCdlIU:9Pa8jQjqirO3RV/L/9E

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks