General

  • Target

    E-dekont.exe

  • Size

    534KB

  • Sample

    240612-g3tb7asglg

  • MD5

    6f744b05e92a5b23128d10fa5bebcf7d

  • SHA1

    a6fa8cebc0f5d5df7dfafccf72e2c0b6440afc9f

  • SHA256

    6bb181d16e97a264c63f155cdf428a8aaf745ed4c87e3ef708b3843b18e54c7b

  • SHA512

    cd6763af21e71c2c7c1495ec0d1ec4efe676dfb95ba8c5bd5d7f3378c67bced8710cddb1696b9f58bb42f0e01d053ba6cbad6746024ec4f05accbc5eebae667d

  • SSDEEP

    12288:eGLutzWg0wswMbRfllhTE4GZTg/OZLbDSY:eGLA7szREzZE2ZLbDL

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      E-dekont.exe

    • Size

      534KB

    • MD5

      6f744b05e92a5b23128d10fa5bebcf7d

    • SHA1

      a6fa8cebc0f5d5df7dfafccf72e2c0b6440afc9f

    • SHA256

      6bb181d16e97a264c63f155cdf428a8aaf745ed4c87e3ef708b3843b18e54c7b

    • SHA512

      cd6763af21e71c2c7c1495ec0d1ec4efe676dfb95ba8c5bd5d7f3378c67bced8710cddb1696b9f58bb42f0e01d053ba6cbad6746024ec4f05accbc5eebae667d

    • SSDEEP

      12288:eGLutzWg0wswMbRfllhTE4GZTg/OZLbDSY:eGLA7szREzZE2ZLbDL

    • AgentTesla

      Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer; its VB.NET/C# builds target saved logins in browsers, mail clients, FTP clients and VPN/SSH tools and exfiltrate them over SMTP, FTP or HTTP.

    • Loads dropped DLL

      The dropped DLL analysed below is $PLUGINSDIR/System.dll. $PLUGINSDIR is the NSIS installer plugin directory and System.dll is the stock NSIS System plugin, so the sample is an NSIS installer wrapping the payload.

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

      Persistence: a value under the Run key is executed at every logon of that user.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Anti-debugging: a thread created with, or later set to, ThreadHideFromDebugger stops delivering debug events to an attached debugger.

    • Suspicious use of SetThreadContext

      Changing another process's thread context is characteristic of process hollowing or injection, where the entry point of a suspended process is redirected to injected code.
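
The behaviour list above is what a sandbox derives from API and file-system telemetry. The following is an added example, not part of the report or of any sandbox's code, that maps endpoint events onto the same behaviour names so the indicators can be hunted for on a live host. The event schema, the sample events, the credential-store paths (WinSCP sessions under HKCU\Software\Martin Prikryl\WinSCP 2\Sessions, FileZilla sitemanager.xml, Thunderbird logins.json, Chrome Login Data) and the IP lookup hostnames are all assumptions constructed for the example; the report does not state which of them this sample touched.

```python
"""Classify constructed endpoint events into the behaviour names used in the
report above. Schema, paths, hostnames and thresholds are assumptions for this
example, not taken from the sandbox."""
import re
from collections import defaultdict

# Persistence location (any user hive) and user-writable launch directories.
RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
USER_WRITABLE = re.compile(r"\\(AppData\\(Roaming|Local)|Temp)\\", re.I)
# Credential stores the report's behaviour names refer to (assumed locations).
WINSCP_SESSIONS = re.compile(r"\\Martin Prikryl\\WinSCP 2\\Sessions", re.I)
FTP_CLIENT_FILES = re.compile(r"\\FileZilla\\(sitemanager|recentservers)\.xml$", re.I)
MAIL_CLIENT_FILES = re.compile(r"\\Thunderbird\\Profiles\\[^\\]+\\(logins\.json|key4\.db)$", re.I)
BROWSER_FILES = re.compile(
    r"(\\(Google\\Chrome|Microsoft\\Edge)\\User Data\\[^\\]+\\Login Data"
    r"|\\Mozilla\\Firefox\\Profiles\\[^\\]+\\(logins\.json|key4\.db))$", re.I)
# Legitimate external-IP lookup services commonly abused by infostealers (assumed list).
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com", "ifconfig.me"}

CREDENTIAL_READS = {
    "Reads WinSCP keys stored on the system",
    "Reads data files stored by FTP clients",
    "Reads user/profile data of local email clients",
    "Reads user/profile data of web browsers",
}

# Constructed events in an assumed generic EDR schema (not Sysmon's field names).
SAMPLE_EVENTS = [
    {"type": "reg_set", "pid": 4120, "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\E-dekont",
     "data": r"C:\Users\victim\AppData\Roaming\E-dekont.exe"},
    {"type": "reg_read", "pid": 4120, "key": r"HKCU\Software\Martin Prikryl\WinSCP 2\Sessions\prod-sftp"},
    {"type": "file_read", "pid": 4120, "path": r"C:\Users\victim\AppData\Roaming\FileZilla\sitemanager.xml"},
    {"type": "file_read", "pid": 4120, "path": r"C:\Users\victim\AppData\Roaming\Thunderbird\Profiles\abcd.default\logins.json"},
    {"type": "file_read", "pid": 4120, "path": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"type": "dns", "pid": 4120, "query": "api.ipify.org"},
    {"type": "thread_api", "pid": 4120, "api": "NtSetInformationThread", "info_class": "ThreadHideFromDebugger", "target_pid": 4120},
    {"type": "thread_api", "pid": 4120, "api": "SetThreadContext", "target_pid": 4188},
    # Benign noise: a vendor updater registering itself from Program Files.
    {"type": "reg_set", "pid": 900, "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\VendorUpdate",
     "data": r"C:\Program Files\Vendor\updater.exe"},
]


def classify(events):
    """Return {pid: {behaviour_name: [evidence, ...]}} using the report's behaviour names."""
    found = defaultdict(lambda: defaultdict(list))
    for ev in events:
        pid, kind, hits = ev["pid"], ev["type"], found[ev["pid"]]
        if kind == "reg_set" and RUN_KEY.search(ev["key"]):
            hits["Adds Run key to start application"].append(ev["key"])
            if USER_WRITABLE.search(ev.get("data", "")):
                hits["Run key points to user-writable path"].append(ev["data"])
        elif kind == "reg_read" and WINSCP_SESSIONS.search(ev["key"]):
            hits["Reads WinSCP keys stored on the system"].append(ev["key"])
        elif kind == "file_read":
            path = ev["path"]
            if FTP_CLIENT_FILES.search(path):
                hits["Reads data files stored by FTP clients"].append(path)
            elif MAIL_CLIENT_FILES.search(path):
                hits["Reads user/profile data of local email clients"].append(path)
            elif BROWSER_FILES.search(path):
                hits["Reads user/profile data of web browsers"].append(path)
        elif kind == "dns" and ev["query"].lower() in IP_LOOKUP_HOSTS:
            hits["Looks up external IP address via web service"].append(ev["query"])
        elif kind == "thread_api":
            if ev["api"] == "NtSetInformationThread" and ev.get("info_class") == "ThreadHideFromDebugger":
                hits["Suspicious use of NtSetInformationThreadHideFromDebugger"].append(ev["api"])
            # A context change on another process's thread is the hollowing/injection signal.
            elif ev["api"] == "SetThreadContext" and ev["target_pid"] != pid:
                hits["Suspicious use of SetThreadContext"].append(f"target pid {ev['target_pid']}")
    return {pid: dict(b) for pid, b in found.items()}


def is_infostealer_like(behaviours):
    """Heuristic verdict: two or more distinct credential-store reads combined with
    persistence or an external IP lookup. Thresholds are an assumption."""
    cred = len(CREDENTIAL_READS & set(behaviours))
    beacon = {"Adds Run key to start application",
              "Looks up external IP address via web service"} & set(behaviours)
    return cred >= 2 and bool(beacon)


if __name__ == "__main__":
    for pid, behaviours in classify(SAMPLE_EVENTS).items():
        print(pid, "infostealer-like" if is_infostealer_like(behaviours) else "benign", sorted(behaviours))
```

The extra "Run key points to user-writable path" label is a triage aid the report does not carry: a Run value launching from AppData or Temp is far more often malicious than one launching from Program Files, which is why the vendor updater in the sample events is not flagged as infostealer-like even though it also writes a Run key.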

    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      4add245d4ba34b04f213409bfe504c07

    • SHA1

      ef756d6581d70e87d58cc4982e3f4d18e0ea5b09

    • SHA256

      9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706

    • SHA512

      1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d

    • SSDEEP

      192:VjHcQ0qWTlt7wi5Aj/lM0sEWD/wtYbBjpNQybC7y+XZv0QPi:B/Qlt7wiij/lMRv/9V4bvr

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks