General

  • Target

    d70310f811c8d2363043e469910c68190f4718e1ee42d1d2de3b2f53c4a197f8

  • Size

    1.0MB

  • Sample

    241016-bj9beaveld

  • MD5

    5798d3435d7ca15ab7d743f6acd34da8

  • SHA1

    dbad3208785bc672331065e0a4ba9166c6e96cda

  • SHA256

    d70310f811c8d2363043e469910c68190f4718e1ee42d1d2de3b2f53c4a197f8

  • SHA512

    42eda05cb87beb130204d1310a608499d84d22ee3be1cdc4c88b1ba83b1b9bb160f5620476438f407d564e016bb15a83d30001ed22a697e7e75ee1ce62661bf0

  • SSDEEP

    24576:MbhV1CE7iKeRFMk1X/XXYU0JO7LFRtO/zGCUjIzqb4NCN3UL+Bm:MtPC00HX/4Zkt4m4whULn

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://ftp.alternatifplastik.com
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    Fineboy777@

Targets

    • Target

      Nueva oferta para COBRAL srl IMG-7263783-92829-bz2.exe

    • Size

      1.2MB

    • MD5

      7059c9fae0e7595bf454796551c79dab

    • SHA1

      ef9d22e79dd8f6482c1e1b6c285555b23026575e

    • SHA256

      f6c07c1f1b936ac8da62b2a68392634053d0b39c2da4c7ba98e7b7e0ae9fbf94

    • SHA512

      7696ef0e5063caa138a2ae832a498e62c19a33626194cdeb31d0159d6e86636bb494db461800fe5f8a7d014e607d3679ea74d54e8465322019ea22059bd6c218

    • SSDEEP

      24576:YtRjwkfngUIZzFwjcD5tH21r1o2LOGYca1Ip:mcEUxFwjwb0ho2XYC

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Drops startup file

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks