General

  • Target

    BERGE KEBNEKAISE - AGENCY APPOINTMENT.pdf.lzh

  • Size

    763KB

  • Sample

    240724-hjzwaswdpc

  • MD5

    babe98b132458b256d417c1cfd2684e9

  • SHA1

    16a3d0ae96532807f1f1019fcaa543fa802a4fcd

  • SHA256

    67186619653536b53c161e9082db54180da841d88d42582751a800816c53d5d2

  • SHA512

    c1af6f7592efbdd4f06a894ad9c9e674e64e4a6097e0cd575e1c00f555876c0cb540c78ec28da4485c683776e657bb96e2e2ec66e918a9e53617afca4263de58

  • SSDEEP

    12288:qD09u1UdGH53/N+dWB1aosOGO5C1YQlkBOLDwIFyoeai0KW1nEIvCdCbJSinGhG/:7u5PYMB1uJieVYIFydUKWfvVFSiqk

Malware Config

Targets

    • Target

      BERGE KEBNEKAISE - AGENCY APPOINTMENT.pdf.scr

    • Size

      1.2MB

    • MD5

      b751c109909f5496cce7f78bdbc70fd5

    • SHA1

      e1ff66fe251e257b8f13296287de03c98718c803

    • SHA256

      8bcf3269c39824245da759c67e4155e6896216e3e786223eab51e428f5664fe7

    • SHA512

      bd8368bf35afa6e0c066457392c966e92cbdad9f4e825292cb3145c5d797fe33fc4ebad5b796761fb287c0944ffe661c932f0b8c773d0b741b9eb2da97b1104f

    • SSDEEP

      24576:tqDEvCTbMWu7rQYlBQcBiT6rprG8aaAk85MJlzg5b0ADhj:tTvC/MTQYxsWR7aauMg50ADh

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks