General

  • Target

    rARKMONEY.exe

  • Size

    1.2MB

  • Sample

    240828-22wq5sshpl

  • MD5

    f7f4bfcd83d9987631beb58d27d1d30e

  • SHA1

    f5f8ddbddbab7cf57e9755c9b42cdc536c7391f7

  • SHA256

    705dd6f078fb10d234b659a7b663d29f40725e7631b25714ae6d7789853202fb

  • SHA512

    6fdb8f9a21208c1c9473c6049d45d5ca754f891a054e8a06de23f74281bda0e08aac954a73db56dbbf84b6db92d0bc78319af150a6d29f061fc9d8ec0a31d57a

  • SSDEEP

    24576:UqDEvCTbMWu7rQYlBQcBiT6rprG8azFjq88okgA4:UTvC/MTQYxsWR7azFO5

Malware Config

Targets

    • Target

      rARKMONEY.exe

    • Size

      1.2MB

    • MD5

      f7f4bfcd83d9987631beb58d27d1d30e

    • SHA1

      f5f8ddbddbab7cf57e9755c9b42cdc536c7391f7

    • SHA256

      705dd6f078fb10d234b659a7b663d29f40725e7631b25714ae6d7789853202fb

    • SHA512

      6fdb8f9a21208c1c9473c6049d45d5ca754f891a054e8a06de23f74281bda0e08aac954a73db56dbbf84b6db92d0bc78319af150a6d29f061fc9d8ec0a31d57a

    • SSDEEP

      24576:UqDEvCTbMWu7rQYlBQcBiT6rprG8azFjq88okgA4:UTvC/MTQYxsWR7azFO5

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks