agenttesla | d7faca4503dbcf15254bf50daf808e675522d9bf2047799a0b8b72a51533ce0e

General

Target

Nikita.rar
Size

6.7MB
Sample

240903-rbdgrszdnh
MD5

a63d54b86ba71e9725a3ba5c73894bb5
SHA1

f38f45a84c967da3db55540ac9ca2e1f78f834bb
SHA256

d7faca4503dbcf15254bf50daf808e675522d9bf2047799a0b8b72a51533ce0e
SHA512

cf2811caeeb037e4c769628db816804c134ec1e02254aaf0de9018515a9d0cad79a902e4be7be43f00f42bea838d2a06f40e2f2aedd1557cf8886a80bb4083ed
SSDEEP

196608:Jcg2ylA+VCoAHQyrTT0HSkYYjZ1Vq1/SIiDzN:ZDo13virnVq1aImzN

Score

10^/10

Malware Config

Targets

- Target
  
  Nikita/Lua.Kb2.dll
- Size
  
  2.1MB
- MD5
  
  c19e9e6a4bc1b668d19505a0437e7f7e
- SHA1
  
  73be712aef4baa6e9dabfc237b5c039f62a847fa
- SHA256
  
  9ac8b65e5c13292a8e564187c1e7446adc4230228b669383bd7b07035ab99a82
- SHA512
  
  b6cd0af436459f35a97db2d928120c53d3691533b01e4f0e8b382f2bd81d9a9a2c57e5e2aa6ade9d6a1746d5c4b2ef6c88d3a0cf519424b34445d0d30aab61de
- SSDEEP
  
  49152:6QNztBO2+VN7N3HtnPhx70ZO4+CPXOn5PThDH2TBeHjvjiBckYf+Yh/FJ3:6Ahck2z
Score

1^/10
behavioral1 behavioral2
- Target
  
  Nikita/Nikita.exe
- Size
  
  6.2MB
- MD5
  
  b41dab020a8427b50c28f19bfe34b612
- SHA1
  
  5d86a1989ed2064e2d3e0390146dfc85eb84871e
- SHA256
  
  eb5a4ac30901818ecc052461b2e574a6abc6e6ac1de5f7ce3427868f6cbf6d08
- SHA512
  
  3b92f9fff191d175cacd2857e327eca1df3338be05c541bbf909fc47f3f9892212fbe3cf4d6808c574dc3bba2d3e176960f9b6e9aeb2c46b12ede1d224547dc2
- SSDEEP
  
  98304:NPEtdFBgNzb71QGQCPDbZfPmtfXJOLhx9fZAzDJ4wzQgsRuGK4RPBMgS39xTc:N+FOdQmRGFJMIDJf0gsAGK4RPugeTc
Score

9^/10

upx collection credential_access defense_evasion discovery execution persistence privilege_escalation spyware stealer
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Drops file in Drivers directory
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Enumerates processes with tasklist
  discovery
- Hide Artifacts: Hidden Files and Directories
  defense_evasion
behavioral3 behavioral4