General

  • Target

    Maksajuma Kopija_ Swedbank_Pdf.img

  • Size

    1.2MB

  • Sample

    240328-kf8edagd7s

  • MD5

    f3706d2e0eeb05d52f3a7dbf07099575

  • SHA1

    611878de05446ae35a3c4ef6605e6cc6f47f7e03

  • SHA256

    238d9e9b6416b65d729dacf0a65d408182d2b158a9fdaade2f1ea8316a1078d9

  • SHA512

    ccc6651a4b037e8bb192369df24d4d294a2f33514c445bcf7d478b4dbea2bfd24166abe36dac0352d7458d5e7ed7eb06e1a315440986d3accc2a0bfb26a47d57

  • SSDEEP

    3072:i7LP9R7YyEyEAxFAAa37c8eX8Y2y/429sqhKp6ua5u1iCZyNRZU8cLnd:oR7YpAxjWc8eX9/42NhEa50ezcLnd

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    mail.aist.lv
  • Port:
    587
  • Username:
    info@aist.lv
  • Password:
    WoodIsaev88

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    mail.aist.lv
  • Port:
    587
  • Username:
    info@aist.lv
  • Password:
    WoodIsaev88
  • Email To:
    remiset@remisat.com.uy

Targets

    • Target

      Maksajuma Kopija_ Swedbank_Pdf.bat

    • Size

      191KB

    • MD5

      235301817498be96c6d65a417cc443c7

    • SHA1

      7521769e3b245c2569fb1fa712762fcbdfdf604d

    • SHA256

      51f353ec3f19b4fc3acc056ae3dc07247e7b3a212c68149cdb08c7d0c62b4d2d

    • SHA512

      94fb845b5fd5ef8d34ed1c8e49ec3670da6ff9bf316bf445745081a62696ccc713d1fa1ae4c325f3647103bc4adf892e5f2fd4eda64075e6dd2ed2d6a2b2ff81

    • SSDEEP

      3072:MLP9R7YyEyEAxFAAa37c8eX8Y2y/429sqhKp6ua5u1iCZyNRZU8cLndj:MR7YpAxjWc8eX9/42NhEa50ezcLndj

    • AgentTesla

      Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, originally written in Visual Basic .NET. It harvests stored credentials from browsers and mail clients and exfiltrates them, here over SMTP using the mailbox in the extracted config.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites a thread's register state. Outside debuggers it is most often seen when a loader injects a payload into another process and redirects its entry point, which is why the sandbox flags it.
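
The extracted SMTP config and the behavioural signatures above translate directly into detection logic. The following is an added example, not part of the sandbox report or of any vendor tooling: it takes the host, port, username and recipient from the extracted config as indicators, adds the browser and mail-client credential stores and external-IP lookup services that the signatures refer to (those lists, the process allow-lists, and the JSON-lines event shape are assumptions), and runs them over constructed events. The injected process name RegSvcs.exe in the sample events is constructed; the report does not name the process that received the payload.

```python
"""Added example, not part of the sandbox report: turn the extracted AgentTesla
SMTP config and the behavioural signatures into detection logic and run it
over constructed host/network events."""
import json
import re
from collections import Counter

# Indicators copied from the report's extracted config.
EXFIL_HOST = "mail.aist.lv"
EXFIL_PORT = 587
EXFIL_USER = "info@aist.lv"
EXFIL_RCPT = "remiset@remisat.com.uy"

# Assumptions, not from the report: which on-disk stores the "reads user/profile
# data" signatures cover, which external-IP services are typical, and which
# processes legitimately touch those stores or speak SMTP.
BROWSER_CRED_RE = re.compile(r"\\(Login Data|logins\.json|key4\.db|Cookies)$", re.IGNORECASE)
MAIL_PROFILE_RE = re.compile(r"\\(Thunderbird|Microsoft\\Outlook|Foxmail)\\", re.IGNORECASE)
IP_LOOKUP_HOSTS = {"api.ipify.org", "ip-api.com", "checkip.dyndns.org", "icanhazip.com"}
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe"}
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}
SMTP_PORTS = {25, 465, 587}


def classify(event):
    """Return (tag, reason) findings for one normalised event dict."""
    image = event.get("image", "").lower()
    kind = event.get("type")
    findings = []
    if kind == "fileread":
        path = event.get("path", "")
        # Thunderbird also uses logins.json/key4.db, so test the mail profile first.
        if MAIL_PROFILE_RE.search(path) and image not in MAIL_CLIENTS:
            findings.append(("T1552.001 mail-client-profile", f"{image} read {path}"))
        elif BROWSER_CRED_RE.search(path) and image not in BROWSERS:
            findings.append(("T1552.001 browser-credential-store", f"{image} read {path}"))
    elif kind == "netconn":
        host = event.get("dst_host", "").lower()
        port = event.get("dst_port")
        if host == EXFIL_HOST and port == EXFIL_PORT:
            findings.append(("smtp-exfil extracted-c2", f"{image} -> {host}:{port}"))
        elif port in SMTP_PORTS and image not in MAIL_CLIENTS:
            # Generic rule: SMTP from anything that is not a mail client.
            findings.append(("smtp-exfil non-mail-process", f"{image} -> {host}:{port}"))
        if host in IP_LOOKUP_HOSTS:
            findings.append(("external-ip-lookup", f"{image} -> {host}"))
    elif kind == "smtp":
        # Only visible where the mail session is not yet TLS-wrapped (mail server logs,
        # or a capture before STARTTLS on port 587).
        rcpts = {r.lower() for r in event.get("rcptto", [])}
        if event.get("mailfrom", "").lower() == EXFIL_USER or EXFIL_RCPT in rcpts:
            findings.append(("smtp-exfil extracted-c2",
                             f"{image} mail from {event.get('mailfrom')} to {sorted(rcpts)}"))
    return findings


def scan(log_text):
    """Parse JSON-lines events and return every finding in log order."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if line:
            findings.extend(classify(json.loads(line)))
    return findings


def summarize(findings):
    """Count findings per tag."""
    return dict(Counter(tag for tag, _ in findings))


# Constructed events (not from the report). The last two are benign controls:
# a browser reading its own store and a mail client submitting on 587.
SAMPLE_LOG = r"""
{"type": "fileread", "image": "RegSvcs.exe", "path": "C:\\Users\\u\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"}
{"type": "fileread", "image": "RegSvcs.exe", "path": "C:\\Users\\u\\AppData\\Roaming\\Thunderbird\\Profiles\\abc.default\\logins.json"}
{"type": "netconn", "image": "RegSvcs.exe", "dst_host": "api.ipify.org", "dst_port": 443}
{"type": "netconn", "image": "RegSvcs.exe", "dst_host": "mail.aist.lv", "dst_port": 587}
{"type": "smtp", "image": "RegSvcs.exe", "mailfrom": "info@aist.lv", "rcptto": ["remiset@remisat.com.uy"]}
{"type": "fileread", "image": "chrome.exe", "path": "C:\\Users\\u\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"}
{"type": "netconn", "image": "outlook.exe", "dst_host": "smtp.office365.com", "dst_port": 587}
"""

if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for tag, reason in found:
        print(f"{tag:40} {reason}")
    print(summarize(found))
```

Two caveats when using the extracted config operationally: the mailbox info@aist.lv is the attacker's drop account on a third-party server, so the password is an indicator to report to the provider, not something to test; and because submission on port 587 normally upgrades to TLS with STARTTLS, the connection-level match (host and port) is the reliable network signal, while the envelope match only works from the mail server's own logs or a capture taken before the upgrade.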

MITRE ATT&CK Matrix (ATT&CK v13)

    Tactic             Technique                 Matches  ID
    Credential Access  Unsecured Credentials     2        T1552
    Credential Access  Credentials In Files      2        T1552.001
    Collection         Data from Local System    2        T1005
