General
-
Target
7c040a0dd35ad0f0eae1613752850081181ed3f5310f557802302d6bd046591e
-
Size
843KB
-
Sample
241122-bqm2raxmel
-
MD5
0c763f61e1285fd96d381cee3f91dfd7
-
SHA1
3c3eb79b785d3281a2bf6c02a2ef57201c412764
-
SHA256
7c040a0dd35ad0f0eae1613752850081181ed3f5310f557802302d6bd046591e
-
SHA512
95870d4571c49590a517765c7e427d58264461b5ab739e427a15cec77e21893e20ffc69ad48882a4a3fbe096e409ef42ac89cf32cc541feb9d416033def2cec5
-
SSDEEP
12288:aONerhcoCtvBfBSk88kt1ZnscLxc4mryf+4ozW5Im:aOQKffMrR1ZnsctcNO
Static task
static1
Behavioral task
behavioral1
Sample
7c040a0dd35ad0f0eae1613752850081181ed3f5310f557802302d6bd046591e.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
7c040a0dd35ad0f0eae1613752850081181ed3f5310f557802302d6bd046591e.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://kagabo.net/ - Port:
21 - Username:
[email protected] - Password:
a*~dSQ1QRg)3
Protocol: ftp- Host:
ftp://kagabo.net/ - Port:
21 - Username:
[email protected] - Password:
a*~dSQ1QRg)3
Targets
-
-
Target
7c040a0dd35ad0f0eae1613752850081181ed3f5310f557802302d6bd046591e
-
Size
843KB
-
MD5
0c763f61e1285fd96d381cee3f91dfd7
-
SHA1
3c3eb79b785d3281a2bf6c02a2ef57201c412764
-
SHA256
7c040a0dd35ad0f0eae1613752850081181ed3f5310f557802302d6bd046591e
-
SHA512
95870d4571c49590a517765c7e427d58264461b5ab739e427a15cec77e21893e20ffc69ad48882a4a3fbe096e409ef42ac89cf32cc541feb9d416033def2cec5
-
SSDEEP
12288:aONerhcoCtvBfBSk88kt1ZnscLxc4mryf+4ozW5Im:aOQKffMrR1ZnsctcNO
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Agenttesla family
-
AgentTesla payload
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Netsh Helper DLL
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
5Credentials In Files
4Credentials in Registry
1