Overview

overview

10

Static

static

3

58e4540c1c...08.exe

windows7-x64

10

58e4540c1c...08.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    58e4540c1c53bc7bdcaa26de63fdff31ac8b6db3746c11aa20d0267e8bf83108.exe

  • Size

    642KB

  • Sample

    240910-b984bssgpa

  • MD5

    c96b1ab041b5de0d12add2c508811d2e

  • SHA1

    6312de7b19a06e5c4841c6ec610e9d3479d49ae5

  • SHA256

    58e4540c1c53bc7bdcaa26de63fdff31ac8b6db3746c11aa20d0267e8bf83108

  • SHA512

    5b9f29070170b6602205a2597c008db85d04dc3b3767fd78f40aaac19e5a733fb635c19304b94b031477783c6366b9b232907816c6bcc3febc712a274c0c4ee9

  • SSDEEP

    12288:P/YoBqcgsIg8CmihkBOmYBmhud+/S9qDXrVMz0MKF7IYXQTCsVx3K9i72l:4onJh4ZhR7VMYb7IBVUkE

Score
10/10
agentteslacredential_accessdiscoverykeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    mail.alitextile.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Myname@321

Targets

    • Target

      58e4540c1c53bc7bdcaa26de63fdff31ac8b6db3746c11aa20d0267e8bf83108.exe

    • Size

      642KB

    • MD5

      c96b1ab041b5de0d12add2c508811d2e

    • SHA1

      6312de7b19a06e5c4841c6ec610e9d3479d49ae5

    • SHA256

      58e4540c1c53bc7bdcaa26de63fdff31ac8b6db3746c11aa20d0267e8bf83108

    • SHA512

      5b9f29070170b6602205a2597c008db85d04dc3b3767fd78f40aaac19e5a733fb635c19304b94b031477783c6366b9b232907816c6bcc3febc712a274c0c4ee9

    • SSDEEP

      12288:P/YoBqcgsIg8CmihkBOmYBmhud+/S9qDXrVMz0MKF7IYXQTCsVx3K9i72l:4onJh4ZhR7VMYb7IBVUkE

    Score
    10/10
    agentteslacredential_accessdiscoverykeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks