General

  • Target

    c0a399a9834cb234deda780178eaed04b01a18786200ae227241d520d1151ffa

  • Size

    647KB

  • Sample

    240405-bxw81age3s

  • MD5

    461f74a275f94ceac0e28d9bcad78c55

  • SHA1

    ce1a10258dd458b19023a31dfd9387a4c9559b51

  • SHA256

    c0a399a9834cb234deda780178eaed04b01a18786200ae227241d520d1151ffa

  • SHA512

    1491dd84234b50b26eb09c719ebfabf3cb330a847be0a538d3fd2f8144e06b393b744b2b2a6fbfb68be373a815fc97e3ae5320e8997bd30ff7a8074ee861e7d5

  • SSDEEP

    12288:YXRAvufNFTr7LK1jIGvKDdGSWWswNCgXu/H+nR9lWqwDwmuu6TNxFu+Y:YXRyUNJr7LpGvKDMV32sH+sPqu6hxFut

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      c0a399a9834cb234deda780178eaed04b01a18786200ae227241d520d1151ffa

    • Size

      647KB

    • MD5

      461f74a275f94ceac0e28d9bcad78c55

    • SHA1

      ce1a10258dd458b19023a31dfd9387a4c9559b51

    • SHA256

      c0a399a9834cb234deda780178eaed04b01a18786200ae227241d520d1151ffa

    • SHA512

      1491dd84234b50b26eb09c719ebfabf3cb330a847be0a538d3fd2f8144e06b393b744b2b2a6fbfb68be373a815fc97e3ae5320e8997bd30ff7a8074ee861e7d5

    • SSDEEP

      12288:YXRAvufNFTr7LK1jIGvKDdGSWWswNCgXu/H+nR9lWqwDwmuu6TNxFu+Y:YXRyUNJr7LpGvKDMV32sH+sPqu6hxFut

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) and credential stealer written in Visual Basic (.NET).

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      Forvrider/Laserstraaler/curwillet/Innatural.For

    • Size

      58KB

    • MD5

      5358906fc6c6a2964b35ad7b35bbdc18

    • SHA1

      0359b2ef0bd2ef026044c36bf7a991406f0979f3

    • SHA256

      5661d74c0e0b18aa9098680f226fa04ed698b7657add95ad90369cc94a59d3f7

    • SHA512

      25cbda18e3d442714a765ab3de5041366c3bc1017a21536579cfcd37cd78774a9cdefe1409c0710e54dd6d07b591d9434627d04b9f0e49fdcb513dafac752ea5

    • SSDEEP

      1536:rsemFGJSEAk1yhSG/QTWga/t9lqp1tV6APUw:wemFGJSPu+Xgqxqp1n6mUw

    • Score

      8/10

    • Modifies Installed Components in the registry

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
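
The signature names in the two target blocks above are the sandbox's labels for API-level behaviour. As an added example (not part of this report and not the sandbox's own detection engine), the Python below re-derives those labels from a constructed API trace: the ThreadHideFromDebugger information class (0x11) passed to NtSetInformationThread, the HIDE_FROM_DEBUGGER create flag (0x4) on NtCreateThreadEx, a SetThreadContext that follows WriteProcessMemory into a child created with CREATE_SUSPENDED (the hollowing pattern, which is my reading of why SetThreadContext is "suspicious"), a write under System32, a value set under the Active Setup "Installed Components" key (my reading of "Modifies Installed Components in the registry"), and access to drive roots other than C:. The trace format, process and thread IDs, and the file and key names are all invented for the example; real sandbox logs use different field names and usually log raw handles rather than resolved IDs.

```python
"""Re-derive sandbox behavioural signatures from an API trace.

Constructed example: SAMPLE_TRACE is invented to exercise each check and is not
the real sample's trace. Handle values are assumed to be pre-resolved to
process/thread IDs, which some sandboxes do at logging time.
"""
import re

# Constants from the Windows native API, not from the report.
THREAD_HIDE_FROM_DEBUGGER = 0x11                # THREADINFOCLASS for NtSetInformationThread
THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER = 0x4    # NtCreateThreadEx CreateFlags bit
CREATE_SUSPENDED = 0x4                          # CreateProcess dwCreationFlags bit
FILE_WRITE_DATA = 0x2                           # DesiredAccess bit on NtCreateFile

DRIVE_ROOT = re.compile(r"^([A-Za-z]):\\$")
SYSTEM32 = re.compile(r"^C:\\Windows\\System32\\", re.IGNORECASE)
ACTIVE_SETUP = re.compile(r"\\Active Setup\\Installed Components\\", re.IGNORECASE)

SAMPLE_TRACE = [
    # Anti-debug thread flags set by the parent (pid 1000).
    {"pid": 1000, "api": "NtSetInformationThread",
     "args": {"ThreadHandle": -2, "ThreadInformationClass": 0x11}},
    {"pid": 1000, "api": "NtCreateThreadEx",
     "args": {"ProcessHandle": -1, "CreateFlags": 0x4}},
    # Hollowing-style sequence into a suspended child (pid 1200, main tid 1201).
    {"pid": 1000, "api": "CreateProcessW",
     "args": {"lpApplicationName": "C:\\Windows\\System32\\svchost.exe",
              "dwCreationFlags": 0x4},
     "ret": {"dwProcessId": 1200, "dwThreadId": 1201}},
    {"pid": 1000, "api": "WriteProcessMemory", "args": {"hProcess": 1200, "nSize": 0x1A000}},
    {"pid": 1000, "api": "SetThreadContext", "args": {"hThread": 1201}},
    {"pid": 1000, "api": "ResumeThread", "args": {"hThread": 1201}},
    # Child-side activity; file and key names are placeholders for the example.
    {"pid": 1200, "api": "NtCreateFile",
     "args": {"FileName": "C:\\Windows\\System32\\example-dropped.tmp", "DesiredAccess": 0x2}},
    {"pid": 1200, "api": "RegSetValueExW",
     "args": {"KeyPath": "HKLM\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{example}",
              "ValueName": "StubPath"}},
    {"pid": 1200, "api": "NtQueryAttributesFile", "args": {"FileName": "C:\\"}},
    {"pid": 1200, "api": "NtQueryAttributesFile", "args": {"FileName": "D:\\"}},
    {"pid": 1200, "api": "GetDiskFreeSpaceExW", "args": {"lpDirectoryName": "E:\\"}},
]


def detect(trace):
    """Return (sorted signature names, sorted non-C drive letters whose root was touched)."""
    findings = set()
    drives = set()
    suspended = {}  # child pid -> {"tid": primary thread id, "written": bool}
    for ev in trace:
        api, args, ret = ev["api"], ev.get("args", {}), ev.get("ret", {})
        path = args.get("FileName") or args.get("lpDirectoryName") or ""

        if (api == "NtSetInformationThread"
                and args.get("ThreadInformationClass") == THREAD_HIDE_FROM_DEBUGGER):
            findings.add("NtSetInformationThreadHideFromDebugger")
        elif (api == "NtCreateThreadEx"
                and args.get("CreateFlags", 0) & THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER):
            findings.add("NtCreateThreadExHideFromDebugger")
        elif api == "CreateProcessW" and args.get("dwCreationFlags", 0) & CREATE_SUSPENDED:
            suspended[ret["dwProcessId"]] = {"tid": ret["dwThreadId"], "written": False}
        elif api == "WriteProcessMemory" and args.get("hProcess") in suspended:
            suspended[args["hProcess"]]["written"] = True
        elif api == "SetThreadContext":
            # Only flag a context change on the primary thread of a suspended child
            # that has already been written into: the classic hollowing order.
            if any(c["tid"] == args.get("hThread") and c["written"] for c in suspended.values()):
                findings.add("SetThreadContext")
        elif api in ("NtCreateFile", "CreateFileW"):
            if SYSTEM32.match(path) and args.get("DesiredAccess", 0) & FILE_WRITE_DATA:
                findings.add("DropsFileInSystem32")
        elif api in ("RegSetValueExW", "NtSetValueKey") and ACTIVE_SETUP.search(args.get("KeyPath", "")):
            findings.add("ModifiesInstalledComponents")

        # Drive enumeration is checked independently of the API name: any call whose
        # path argument is a bare drive root other than C: counts.
        m = DRIVE_ROOT.match(path)
        if m and m.group(1).upper() != "C":
            drives.add(m.group(1).upper())

    if drives:
        findings.add("EnumeratesConnectedDrives")
    return sorted(findings), sorted(drives)


if __name__ == "__main__":
    sigs, touched = detect(SAMPLE_TRACE)
    print("signatures:", ", ".join(sigs))
    print("non-C: drive roots touched:", ", ".join(touched) or "none")
```

The ordering check on SetThreadContext is the part worth keeping when adapting this to a real trace: SetThreadContext on its own is used by debuggers and some legitimate runtimes, so the signal comes from the CreateProcess(CREATE_SUSPENDED) → WriteProcessMemory → SetThreadContext → ResumeThread sequence into the same child, not from the single call.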

MITRE ATT&CK Enterprise v15
