Overview

overview

10

Static

static

3

Payment details.exe

windows7-x64

10

Payment details.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    798dd6a52dfad4bbea1eac8d2006e7ff.bin

  • Size

    653KB

  • Sample

    240428-bvbvaada45

  • MD5

    e6b961420e339db2effb2800960329f6

  • SHA1

    35bf5e24ee7c8ed0ddafff48b4646f2591a1d82c

  • SHA256

    30e74b7dfe9e162a7df007407aee82d84119750c8acf706a7e1c7dd671b61f98

  • SHA512

    d39572e33bcb28db7413903f64b29b1ea0bc604ef8af7c622881708a5c6c8537a901e9e3ee6642b41577df6b223ab76e28fe4f86792bd097515f4170f7afa6b7

  • SSDEEP

    12288:VKY4lpYcahdfsdQQweN1BtoA4IxfSfYVMlUGd6N7Ln+8ZKDErOvOGrpK3czkUH:VdIbaYe3eNWPiuYClUQ6JXyEQOqzX

Score
10/10
agentteslakeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      Payment details.exe

    • Size

      706KB

    • MD5

      d88a9970ec7a11ade4a6dfc3d8150496

    • SHA1

      90e72afbb1eed4c0f20fbc8a7ef5e3069ece0eef

    • SHA256

      c159014c79f8dc4d7888b0c092286f9b47fb2b1497dfbfa7c0620d78257127e2

    • SHA512

      54596967f17980e34528c20a2b284edcd03c02dd105d904600cb4e48816b560c201371b2f202db962a1df37dca310dd4a82ed08ab12683ccde74dd404d0a1af2

    • SSDEEP

      12288:GTn3D0uf8+u0wrXN/HoX18jyU0rOcKdIXxIlmQockPZS+/I6YtMl0:Az0uf8+1wriF8grBkIhIlmQocz+/TmM

    Score
    10/10
    agentteslakeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

      spywarestealer

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks