General

  • Target

    5777c8b62a8be41c8b94267b0f09a02d.bin

  • Size

    639KB

  • Sample

    240316-bq6tvsab35

  • MD5

    8482099f84dfc5302ac5722cb291de76

  • SHA1

    e29d3a4c63b96561197d3824211a8d1e18991dc8

  • SHA256

    a7ecfc62cb38f2052402cfe325e75f54b908a815377d1ba78ff546e1cdb21459

  • SHA512

    47eb7bde6191660602a89f2bfc32927f92ddc79ac21aaebffd0f3b6c14d9fc31d26fc93fd85d93f85820dddcf2154fd14b7a62c88b36d7f8406d646de25bafd7

  • SSDEEP

    12288:cbjDnW2mbcMBW3BYRCGoIOlWU72qfskAPrDy/afB0ct0X8:uDnVmbcGcYoYPIhV2NfBD+8

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    mail.alltoursegypt.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    OPldome23#12klein

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      PUK ITALIA PO 120610549.exe

    • Size

      650KB

    • MD5

      876bdd759d990110a2bbd617b0f2c549

    • SHA1

      dec55c0273518038e0f2cdabe94d0d33e6fb1704

    • SHA256

      066beb79d6fc244e4fc3db3cae1af40749798a52f6b5796f14e3612e1498bf73

    • SHA512

      b3f8f1d0cc8a743e907877e699fedf08fe0482aed2d7902a93497d773978bf01d0e78a81341dcd5a6ff0019cfdf43f1cd68d7952dc9f853b2dd2eecc471a23b6

    • SSDEEP

      12288:gsJTENl3a+1+UxRhsZzc3LKEUfzPdvpkF55CSuGxCkckJ+ZWsfeXjZ:BxENllxzsZzALKxuHuG7JYWsWXjZ

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks