Overview

overview

10

Static

static

3

12d4a1c978...34.exe

windows7-x64

10

12d4a1c978...34.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    12d4a1c97873ee94b9b371666debc07aea1fd56d8afda6d023d2426bc54f6e34.exe

  • Size

    2.4MB

  • Sample

    240418-h1cr4aff9y

  • MD5

    10ec143257b9b723ee3718db0c749836

  • SHA1

    3fce2ab4b6244c1cf66aaaaef1927a6b474bc355

  • SHA256

    12d4a1c97873ee94b9b371666debc07aea1fd56d8afda6d023d2426bc54f6e34

  • SHA512

    153e2f0aad951a7814667c65491de5aa2279298f28c28f0a6e8533fc361024ff96bdf87bd9a46ca0f3b868db9d987aa72cdd8cb8ffbd038bf5087fac529d9baa

  • SSDEEP

    49152:Q9OOQwfC4BQ1ePfQ7xOMM+OZm3TTqy+c+xyb6jZcJLJHs/ovJVw:GQaCgQ1eXrfZKTTuc+x06ORW/ovJ

Score
10/10
agentteslazgratkeyloggerratspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    mail.gencoldfire.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    %j#!%z2b/?qM68K#

Targets

    • Target

      12d4a1c97873ee94b9b371666debc07aea1fd56d8afda6d023d2426bc54f6e34.exe

    • Size

      2.4MB

    • MD5

      10ec143257b9b723ee3718db0c749836

    • SHA1

      3fce2ab4b6244c1cf66aaaaef1927a6b474bc355

    • SHA256

      12d4a1c97873ee94b9b371666debc07aea1fd56d8afda6d023d2426bc54f6e34

    • SHA512

      153e2f0aad951a7814667c65491de5aa2279298f28c28f0a6e8533fc361024ff96bdf87bd9a46ca0f3b868db9d987aa72cdd8cb8ffbd038bf5087fac529d9baa

    • SSDEEP

      49152:Q9OOQwfC4BQ1ePfQ7xOMM+OZm3TTqy+c+xyb6jZcJLJHs/ovJVw:GQaCgQ1eXrfZKTTuc+x06ORW/ovJ

    Score
    10/10
    agentteslazgratkeyloggerratspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Detect ZGRat V1

    • ZGRat

      ZGRat is remote access trojan written in C#.

      ratzgrat

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

      spywarestealer

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks