General

  • Target: f03875031911049628277314fa9677e7e8fe82c63ed40bf3ac707cbab061c9fe
  • Size: 1.2MB
  • Sample: 240327-cracqadd31
  • MD5: 0518ebd7124e09461b4297950d6f9763
  • SHA1: 32bc1f4d5706b850c13a9956708ba5c51f0131cb
  • SHA256: f03875031911049628277314fa9677e7e8fe82c63ed40bf3ac707cbab061c9fe
  • SHA512: 947aa3ff34ddec88a4dcb100059d7540722c87198dbc6152c4d07e8b343e62ae097e8f9a8ac81283fa5fe16e8a1734a449d1bc76232378ad6866db8c039c0bba
  • SSDEEP: 24576:AVok8SQiba4mgMMRLA9CX81k9KfYhAnAkU8oSKp:AKRQLMimCT9KwhAtdQ

Malware Config

Extracted

  • Family: agenttesla
  • Credentials:
    • Protocol: smtp
    • Host: mail.albuspsikoloji.com.tr
    • Port: 587
    • Username: [email protected]
    • Password: Bukky101@

Targets

    • Target: 0153b116e6a412cfd8dbf868de5cae3a8b3303c550eba80a0605ad4acfda6c66.vbs
    • Size: 292KB
    • MD5: 37241a1c4e55aa3638eaece31fe885fa
    • SHA1: e0f21d93d124f5bc0de9a50a1b1d16326654faad
    • SHA256: 0153b116e6a412cfd8dbf868de5cae3a8b3303c550eba80a0605ad4acfda6c66
    • SHA512: 006a918eee5198e9bdfb6f7ae557cea57a343f25734452ec73c1df2275ab7723fa5e360404763994fd239b2a127d61a2b35f18ff2510fc6b4fd2c1bd3fa6b707
    • SSDEEP: 3072:XYFEhNe4VTdRnTT8w4TWX7ZIgJdpe+og0S7A:XYFY7E

    • AgentTesla
      Agent Tesla is a remote access tool (RAT) written in Visual Basic.
    • Blocklisted process makes network request
    • Checks computer location settings
      Looks up the country code configured in the registry, likely a geofence.
    • Looks up external IP address via web service
      Uses a legitimate IP lookup service to find the infected system's external IP.
    • Suspicious use of SetThreadContext

    • Target: 8624e09793361dd3a022021a93a17e3b755c256e0a10928b505257bb04f4d5a0.dll
    • Size: 1.9MB
    • MD5: f0c2bcc63376572c1ee741505e8ac11b
    • SHA1: fefff0f17aaa8ab5905e43a1ff47db685776bfa6
    • SHA256: 8624e09793361dd3a022021a93a17e3b755c256e0a10928b505257bb04f4d5a0
    • SHA512: 56af36b2e62945de44a7b4625daea73978e04241135b2980c78a57cfe7c7b10683f609102d558ebd981f6599a531f74fa586f21472de09e5e16e863ecec0c280
    • SSDEEP: 49152:GFRbq3P4BanfH1LkuvhgQd8dsXnDjHxKoZX9uNf5/gIHYtQTS30:Aq/4BanfJk2WQ2dsXnDTxSNR/gIHx
    • Score: 3/10

    • Target: d42ce863d02bc970b632e8f6794d433fe059670f1bcd42aaec99bac868d6ebe1.js
    • Size: 320KB
    • MD5: 83f9422da81d3c26f22420118eebb0c9
    • SHA1: 5aaea6fbbef5d16e0e001110ee5f298257d016d7
    • SHA256: d42ce863d02bc970b632e8f6794d433fe059670f1bcd42aaec99bac868d6ebe1
    • SHA512: 417636f6034ce00416899a7e8985f8e1576f6b813ffa8e7ff2973319970dd7e1378eb8bd15e0bc4559a612e59eccaa9daaef3216e097185656dbb88ea066579c
    • SSDEEP: 6144:w1LLuFuk4xdLIVerYUUq9gUp+C9I3qrDes/:whu0qVg8uDes/
    • Score: 1/10

    • Target: ed7b525ff2b5d6c2a63878a1d7594b12025f3d7525898adb3c02cb958df09be7.xlsx
    • Size: 125KB
    • MD5: 594b073b5b5d30deedf9b4c045b63f7e
    • SHA1: ce4c3d5b9d7865d732e8edc2ee077ecfacc230ed
    • SHA256: ed7b525ff2b5d6c2a63878a1d7594b12025f3d7525898adb3c02cb958df09be7
    • SHA512: 57f184eb98feb70bc92ad0762c8ba598a0860cb5a53307b8af4735f26e9b7964d984d5145af54f8466718e97a369bf9afe120286172544a2d05e5af4b15ad54d
    • SSDEEP: 3072:HdALcrcUNpHoD1ANvzCtmwkEa+EdeG9UgicNvEDS6J9:HG446pikzCkrEaddeG9Ugi6+S69
    • Score: 1/10

MITRE ATT&CK Matrix (ATT&CK v13)

  • Defense Evasion
    Modify Registry (T1112): 1
  • Discovery
    Query Registry (T1012): 3
    System Information Discovery (T1082): 4
