General

  • Target

    temp Beta.rar

  • Size

    2.6MB

  • Sample

    240905-sn8dcatbqr

  • MD5

    fab286e5729a2f351b89c799eb303985

  • SHA1

    2497ba8878d42ac5f304e35895a149896e448cad

  • SHA256

    9ad488e91f4b4ca3fa364714b8a3d0a61d15634c044b4fcf1ff1fc439355bccc

  • SHA512

    fcc4dbc9bf836f356108c028e46d9001f06e39192cc146be15edce540ba44a90263ce14fc165ae875b8b89eee0e12842f93d5c99796827e30cd89d7dd2940c3d

  • SSDEEP

    49152:McCoo5L4Nn/s+HULSCam+38KpESc1Jqiyxh6SbvC3otFFYtz+4UeVkUsBZF:McgqNn/Nc/W2SOJPypvCBLnVkv

Malware Config

Targets

    • Target

      temp Beta/Guna.UI2.dll

    • Size

      2.1MB

    • MD5

      c19e9e6a4bc1b668d19505a0437e7f7e

    • SHA1

      73be712aef4baa6e9dabfc237b5c039f62a847fa

    • SHA256

      9ac8b65e5c13292a8e564187c1e7446adc4230228b669383bd7b07035ab99a82

    • SHA512

      b6cd0af436459f35a97db2d928120c53d3691533b01e4f0e8b382f2bd81d9a9a2c57e5e2aa6ade9d6a1746d5c4b2ef6c88d3a0cf519424b34445d0d30aab61de

    • SSDEEP

      49152:6QNztBO2+VN7N3HtnPhx70ZO4+CPXOn5PThDH2TBeHjvjiBckYf+Yh/FJ3:6Ahck2z

    • Score

      1/10

    • Target

      temp Beta/Siticone.UI.dll

    • Size

      1.3MB

    • MD5

      2474124f9a70301411e5a42caa0225f6

    • SHA1

      23c561479001148931601b14889d0c10c1420e85

    • SHA256

      283346e95883d2c51743b725ecd41f2afd97adbbf86ec9d9735072505d5726b4

    • SHA512

      a4c798779674fefde60b87cb7b57f1b7b723649189ce7f89e6993b1ee84e84c18eb5f97fce4a531fe8f361fa4ecda79e482f57f695b968e9543345cc40e321ff

    • SSDEEP

      24576:RVMCtIZJntOFmMlMqPilaiS4Yr6ugPngPfjv9tLF2cH8g:H8NlaVeuHF

    • Score

      1/10

    • Target

      temp Beta/Temp (Beta).exe

    • Size

      1.6MB

    • MD5

      5076b6ad3b1a79a5d3ccafa201660a00

    • SHA1

      5daaf43df37e8220443e41daaf1fd089b92435a7

    • SHA256

      829fc63d05403cb63347896fdab68d143e21ccea4dfa9bbe8e967dc79caf1ce9

    • SHA512

      2b6a62a2ffb472ef24561d07878b1c559413aecb0e0bc4a023c9f88de47b2ad036ff53d23105ae1541d1c5399348f35a25f45fcc64e1a13951e0568d15aca7cf

    • SSDEEP

      49152:PVfCiOCBYl6yp+ZdoPGyNUud4iK8JJv7:tfCEY6y4doPGyNNd4vCv7

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla payload

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks