General

  • Target

    GEFA-Order 232343-68983689.exe

  • Size

    9KB

  • Sample

    241009-krk38avena

  • MD5

    0c3d0b4cd6833a23ebc0687d97c64d73

  • SHA1

    41bae7df2f2544b207777c920429383a88745035

  • SHA256

    f0fa4e57be6d0ad0debbbb9189344a61896d0d38c6c9f2345d2421070e20389c

  • SHA512

    dbf66bf2cb3b1124fa7f9f396c4b979388e6dfae9ca2bec6b6c792d6f5d4f23f8827330712419394eb1989654af7f6d7ccd14c3fd8582870a7fa774207c80b80

  • SSDEEP

    192:XNwfhPQWzJTuFZVFJ5pztwaqRI3INwEvRknn/cE7TSAl:9QpxTufjJ5pzt3Kw0Rkn0dA

Malware Config

Extracted

  • Family

    agenttesla

Credentials

  • Protocol

    ftp

  • Host

    ftp://ftp.alternatifplastik.com

  • Port

    21

  • Username

    [email protected]

  • Password

    Fineboy777@

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15