Overview

overview

10

Static

static

5

Compra_600000376.rar

windows7-x64

10

Compra_600000376.rar

windows10-2004-x64

1

Compra_600000376.exe

windows7-x64

10

Compra_600000376.exe

windows10-2004-x64

10

out.exe

windows7-x64

out.exe

windows10-2004-x64

Resubmissions

15/11/2024, 17:39

241115-v8ac6aslck 10

15/11/2024, 17:17

241115-vt1lssyaqa 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Compra_600000376.001

  • Size

    567KB

  • Sample

    241115-vt1lssyaqa

  • MD5

    a72f4506922701f357767064415c845a

  • SHA1

    c26d95b6b65eaa7c1ab1300f6c1d6bd1ad0bb16c

  • SHA256

    883520fe10700a49aaf93a8d0fea197c7aca4d3af10c409f4210cb0cfaed75e9

  • SHA512

    0a9d31abb15bdb7ca5b1123a419988fe0c5c75ebd4b54420a8e9c2d84d997880110a82469c66b0599ccf2e1db57dc9294b0b71a6ebb03b9ef570bbcc1d8b17d5

  • SSDEEP

    12288:MCmPDbtgglk3nYsDe48pPGm/5NoTsTdeb5JlOap2ax:yPntggYnLqeg5NHQbeax

Score
10/10
agenttesladiscoverykeyloggerspywarestealertrojanupx

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     ftp
  • Host:
    ftp://ftp.stingatoareincendii.ro
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    3.*RYhlG)lkA

Targets

    • Target

      Compra_600000376.001

    • Size

      567KB

    • MD5

      a72f4506922701f357767064415c845a

    • SHA1

      c26d95b6b65eaa7c1ab1300f6c1d6bd1ad0bb16c

    • SHA256

      883520fe10700a49aaf93a8d0fea197c7aca4d3af10c409f4210cb0cfaed75e9

    • SHA512

      0a9d31abb15bdb7ca5b1123a419988fe0c5c75ebd4b54420a8e9c2d84d997880110a82469c66b0599ccf2e1db57dc9294b0b71a6ebb03b9ef570bbcc1d8b17d5

    • SSDEEP

      12288:MCmPDbtgglk3nYsDe48pPGm/5NoTsTdeb5JlOap2ax:yPntggYnLqeg5NHQbeax

    Score
    10/10
    agenttesladiscoverykeyloggerspywarestealertrojanupx

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Agenttesla family

      agenttesla

    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

    • Target

      Compra_600000376.exe

    • Size

      649KB

    • MD5

      63abd958f823c530adf43b1bb352682b

    • SHA1

      1c1e62524bab0ae93b5cacc96c6131d7ae807668

    • SHA256

      78ba167393b90253983058b4b3456dc65d3bb07d10bc61c70e5b4f5d5d43ad96

    • SHA512

      20e39b473d83aa25c2cb420f73577b49ea11569833315051bcab140e51b7a01ca749b33c33bbae797e5dfb5c8d549e6204f49a8b2c3983bb3dba9b7e1b5201db

    • SSDEEP

      12288:POv5jKhsfoPA+yeVKUCUxP4C902bdRtJJPifUcTb1x7uA/bJUkpaY1:Pq5TfcdHj4fmbsUmO8JUO1

    Score
    10/10
    agenttesladiscoverykeyloggerspywarestealertrojanupx

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Agenttesla family

      agenttesla

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral3behavioral4

    • Target

      out.upx

    • Size

      1.1MB

    • MD5

      36d79cd93e422eb066f41e8b61d3c384

    • SHA1

      0d49e9b11bf551baf2d19ca2d2a314e15a0673d0

    • SHA256

      02aa920f492e6f997d4129dabeb50c1d7cfebc0013a5d23dcfe77474317aa596

    • SHA512

      0140f86c60e5dd4ee0f250419436f6e40c02682b6469c9e7aa02f06f1b2ac023a73d23325a87b84e7e734f465b272675b68594fa02c3402c05b5811fa6c867c9

    • SSDEEP

      12288:rtb20Qc3lT7af41ePBRYuQLKpqeUhbTv5OFgNxPPpHPUcTb1x7uA/bJUkpaY1:rtb20pkaCqT5TBWgN5BUmO8JUO1

    Score
    1/10
    behavioral5behavioral6

MITRE ATT&CK Enterprise v15

Tasks