General

  • Target

    18985da0864633bd764aa9d2760e4f28f0c0558a1baf0b0d855b74332079d021.zip

  • Size

    820KB

  • Sample

    240609-mgr5wshc9s

  • MD5

    3825d536307b331690b33f53c561f7cc

  • SHA1

    c9c7eefb0b4bc3c314fbf858c29ed49fa6cf3b9e

  • SHA256

    18985da0864633bd764aa9d2760e4f28f0c0558a1baf0b0d855b74332079d021

  • SHA512

    9500a5519e025cb232feaf358072f0e863337be3232f934b7ac80776e22096e28ac3868f760f0291440fea56129aedb00dd4da24654cd3d83e0d24ce30572b39

  • SSDEEP

    12288:KqlzjzKzMz7BcrjUb0M8FT0F8WcdCw/GTmvAZI9ERhPFEH7GEqZS/iQ56r/ChpLs:nuzMz7az0FeMLYnCVzEqZS5YdsBZ3S

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    mail.ppg-pa.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    DKKfy2001$

Targets

    • Target

      Roundcube account_recent_activities_June_06_24___eml.exe

    • Size

      1.3MB

    • MD5

      73dfd9de87af64f52cdf1aea89ff7802

    • SHA1

      dec3e5c60f84ce967a20f08210d8112b37e51ec6

    • SHA256

      76fb2ead4693296ca4bd449b262cc0ccc6527180d71da0a9dcfcdd8518df9651

    • SHA512

      0982185fcc3d08d5993de5f93b8ee9016d8f9dc7a5915daac2b6db8d92d1f90ba19f83e2ffc094fd2e51ed6316ce98055767682fcc6061470babb937899a6300

    • SSDEEP

      24576:BAHnh+eWsN3skA4RV1Hom2KXMmHa6GQqzL3EgZSBYr+ZZRjK5:Yh+ZkldoPK8YaiqzrwE

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks