General

  • Target

    eaf7d756d26c0c93f5bf73627ef35255_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240919-km1ccazgrq

  • MD5

    eaf7d756d26c0c93f5bf73627ef35255

  • SHA1

    002ff642474c667cc10fbb553db71f62da1251f0

  • SHA256

    d6c664ec1043c42e67388337bbc7461fd5f4b12804f4c4e8f2fe3fdb24bb534c

  • SHA512

    70b04d60b71c326139199a9474f67934e36f8c3890554af9d081551a383b1bb08643fa021c3ec09b00c5590a60e7dcd04f5500161618e5b94db3515e0e931fba

  • SSDEEP

    6144:FEpBijQl2KUvAjXAYAabyAI4AeLa8xThl+uhctt/e5w8rKWHOzC9h0qWzCLPKB0V:FXhTtFGrKrer0lCTem+zV2wNKP

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    mail.makezimbetter.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Mah3r@34

Targets

    • Target

      PO_ORDER.exe

    • Size

      563KB

    • MD5

      80af2be4dcc399e152a5c9d7d33572e7

    • SHA1

      a3a4e389095a2e7c35a094a6df20130fb446c4cb

    • SHA256

      d8fce87c4a8a86a31b234a0988171d6e1a4647deb272cd65fb2df76950a781ba

    • SHA512

      cc2ce0ba2809e327db79cffbb438ed250d3ef6f5df309fbb552f82b1b1bad2c44f6a64ab38e27e57cf7bccd97f8c0048a8fbc1b51de6fb74e25d337c13e7c949

    • SSDEEP

      6144:qEpBijQl2KUvAjXAYAabyAI4AeLa8xThl+uhctt/e5w8rKWHOzC9h0qWzCLPKB0V:qXhTtFGrKrer0lCTem+zV2wNKP

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks