General

  • Target

    d3f780a664605af78873c6a52d33b92b034e6f3fc9b482c1ca09484b0df31035

  • Size

    999KB

  • Sample

    240918-dwmpaazfke

  • MD5

    df7076840e381d602b6ac50a1376278d

  • SHA1

    2f9a25050473e47160a50831c20aa70b75f8d0d0

  • SHA256

    d3f780a664605af78873c6a52d33b92b034e6f3fc9b482c1ca09484b0df31035

  • SHA512

    a8afe19dac63d25157f11f0d9ea070ca20aba433f59adf9e11bbd3e55f85ccd536b95f9b5d3f860f007eae46189ad8f12f22bb968692525dc582a0081b7f72de

  • SSDEEP

    24576:7Y7tC/D80olUcTCGOAxtSuh4u2ZLrhsjWqM7eZS6b60:7Ypi80olUcTLOOsY4PdpqtSe

Malware Config

Targets

    • Target

      Payment Advice - Advice Ref[A2bpo3ZZeVwj] Priority payment.exe

    • Size

      1.3MB

    • MD5

      a8371130da53aa606d8c72201192ee47

    • SHA1

      3190b84eae50e45b78de3fa23b0de2541d73ea0b

    • SHA256

      da049cf547f66a701590bd333a9d61d0f7c448e3b798018f3d50497cc94445c7

    • SHA512

      0d849384b92eb807cfdcb1834d72b1506a5b73bd2c3fae09e291a71b0b0572737e1a2ceae0704b7ed89b3fdec386a516c5a1e907682e24caf0dc0c356ab44acb

    • SSDEEP

      24576:uRmJkcoQricOIQxiZY1iaCzpQOAjXcup8W6xRnhI7Eoc7ehSc/cP:7JZoQrbTFZY1iaCzeOGsW89P/oNSz

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks