General
-
Target
669bfc59550b87a86c5e87d33da3e63be15f8712184a6aa176e0021b8c65df1e.exe
-
Size
1.4MB
-
Sample
241106-c9w97ssnfy
-
MD5
0b67de290afdcb06218d5ab1a6c3c49b
-
SHA1
372ecac4cd7fe8de0f89aff4755683f8fed81a26
-
SHA256
669bfc59550b87a86c5e87d33da3e63be15f8712184a6aa176e0021b8c65df1e
-
SHA512
fc21a1dc1a1a29a5bdfc0d28f8d1a6be9204a26b7946b08d27e97b4e4c31c4be1caaa0bb9e2b199697ea0ec529ef7165c37ee7bb512c6accdae179f86fd66063
-
SSDEEP
24576:ktdCzxWfKe9UR1FCBmjwGJkAQy4X1N4QNbJP71SIzKgopvgeum5hD4nA:k2xWfKe9E1rEGZQTXXdP78d91Pumv4nA
Static task
static1
Behavioral task
behavioral1
Sample
669bfc59550b87a86c5e87d33da3e63be15f8712184a6aa176e0021b8c65df1e.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
669bfc59550b87a86c5e87d33da3e63be15f8712184a6aa176e0021b8c65df1e.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
win7-20241010-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20241007-en
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.concaribe.com - Port:
21 - Username:
[email protected] - Password:
ro}UWgz#!38E
Targets
-
-
Target
669bfc59550b87a86c5e87d33da3e63be15f8712184a6aa176e0021b8c65df1e.exe
-
Size
1.4MB
-
MD5
0b67de290afdcb06218d5ab1a6c3c49b
-
SHA1
372ecac4cd7fe8de0f89aff4755683f8fed81a26
-
SHA256
669bfc59550b87a86c5e87d33da3e63be15f8712184a6aa176e0021b8c65df1e
-
SHA512
fc21a1dc1a1a29a5bdfc0d28f8d1a6be9204a26b7946b08d27e97b4e4c31c4be1caaa0bb9e2b199697ea0ec529ef7165c37ee7bb512c6accdae179f86fd66063
-
SSDEEP
24576:ktdCzxWfKe9UR1FCBmjwGJkAQy4X1N4QNbJP71SIzKgopvgeum5hD4nA:k2xWfKe9E1rEGZQTXXdP78d91Pumv4nA
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Agenttesla family
-
Guloader family
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
fc3772787eb239ef4d0399680dcc4343
-
SHA1
db2fa99ec967178cd8057a14a428a8439a961a73
-
SHA256
9b93c61c9d63ef8ec80892cc0e4a0877966dca9b0c3eb85555cebd2ddf4d6eed
-
SHA512
79e491ca4591a5da70116114b7fbb66ee15a0532386035e980c9dfe7afb59b1f9d9c758891e25bfb45c36b07afd3e171bac37a86c887387ef0e80b1eaf296c89
-
SSDEEP
192:eS24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35OloSl:S8QIl975eXqlWBrz7YLOlo
Score3/10 -
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
4Credentials In Files
3Credentials in Registry
1