Overview

overview

10

Static

static

1

86548927a6...46.zip

windows10-1703-x64

1

86548927a6...46.exe

windows10-1703-x64

10

Resubmissions

05-10-2024 13:31

241005-qsm7vstfqk 10

20-03-2024 10:42

240320-mr6e9sfe3w 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    86548927a6a677ef5b188069d885fd755d56dcd21ba7b01c96915ec888c86846.zip

  • Size

    634KB

  • Sample

    241005-qsm7vstfqk

  • MD5

    d2a5b7b4ee9503155d19c00548059e31

  • SHA1

    107951d1a88d56041dfbb272bbc4c49a3921e075

  • SHA256

    38ef20b71846a8278f246ff6ce1a847a2d52ddc9b0c1f5494ba4517101281490

  • SHA512

    73ffe4073e8465c3a10699ce93217b813f992419af6b726ba9aee9ee952b8c8d16d8d5c32ad5448254e3af9d9d211d6e4c893444d4238f4634c3acbb46c2a01b

  • SSDEEP

    12288:wcrvLZT7/fTm9mEEkD6Y+o5g4ahyDpXnO3r0Tk5k:woD17z5kDDPaYDdV

Score
10/10
agenttesladiscoveryexecutionkeyloggerspywarestealertrojan

Malware Config

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    mail.zqamcx.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Anambraeast@123

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      86548927a6a677ef5b188069d885fd755d56dcd21ba7b01c96915ec888c86846.zip

    • Size

      634KB

    • MD5

      d2a5b7b4ee9503155d19c00548059e31

    • SHA1

      107951d1a88d56041dfbb272bbc4c49a3921e075

    • SHA256

      38ef20b71846a8278f246ff6ce1a847a2d52ddc9b0c1f5494ba4517101281490

    • SHA512

      73ffe4073e8465c3a10699ce93217b813f992419af6b726ba9aee9ee952b8c8d16d8d5c32ad5448254e3af9d9d211d6e4c893444d4238f4634c3acbb46c2a01b

    • SSDEEP

      12288:wcrvLZT7/fTm9mEEkD6Y+o5g4ahyDpXnO3r0Tk5k:woD17z5kDDPaYDdV

    Score
    1/10
    behavioral1

    • Target

      86548927a6a677ef5b188069d885fd755d56dcd21ba7b01c96915ec888c86846.exe

    • Size

      666KB

    • MD5

      49a614236d15faef7cf8bf28ab590829

    • SHA1

      0009643dea2b241e31200fa7d0e87f2195974fdc

    • SHA256

      86548927a6a677ef5b188069d885fd755d56dcd21ba7b01c96915ec888c86846

    • SHA512

      8635bf3a1a6b552bc49d7e2369d914345ffb82e37090bd1902a4de3ec0638ee2c2f4c1715fcdaf2c410bb7fdf78ce00bd74ce3bf9ce803e206295982459a653e

    • SSDEEP

      12288:FMy2+qkC8slD1k92DVgbLEc5zZVxmmq8F46MYsXQ5l2bkR:Fj/Hsl5k92sPFZVEDYzK+

    Score
    10/10
    agenttesladiscoveryexecutionkeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

      spywarestealer

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Suspicious use of SetThreadContext

    behavioral2

MITRE ATT&CK Enterprise v15

Tasks