General

  • Target: 1e98e30adaa94b6ec8f1f561541881a66bc6a8680ac7ef71c9aeeda8f2f93773

  • Size: 633KB

  • Sample: 241123-b7t7dsvlew

  • MD5: d44f8c3b1d0d319838ea511b3a8fc330

  • SHA1: 52f7ee336cae42132377f032de6427e4ce4fa8c6

  • SHA256: 1e98e30adaa94b6ec8f1f561541881a66bc6a8680ac7ef71c9aeeda8f2f93773

  • SHA512: f4b11228e9d67dbd68d242013f8bb8b5b892944a498e7c5cd9841c36671d47e94f570742450473587c47ad9a28a775dbf20b9640f5ad876aeabd3515baa6a23c

  • SSDEEP: 12288:o0Of2a2Q7DfeZCIG1jELKw42RZKt+0PnFlQEZ33sEhM5yDg3GylNAWdbFqboqfD:o0OenQ7D+Cp1QLPLKI4nJ3sES5yDg3GN

Malware Config

Extracted

  • Family: agenttesla

Credentials

  • Protocol: ftp
  • Host: ftp://ftp.solucionesmexico.mx
  • Port: 21
  • Username: [email protected]
  • Password: dGG^ZYIxX5!B

Targets

    • Target: ORDEN 3465.exe

    • Size: 708KB

    • MD5: f962699073f9c99e8da4d33ef39fcb77

    • SHA1: af40a09acff0e81c61f2834e7ed7f56a9ab926b5

    • SHA256: 9bd2872c21699d60de7830ceeaa37d2f69dd8039a089106abd91c1a7dc1f8e96

    • SHA512: c7e9cc304b5cdfc15c4dd563e36f5078fb83255682f38ec7ad7aa1015cdbd2e9569dcde370fa731361315f5139394a0cc70a770e5583b686c7659571325a73be

    • SSDEEP: 12288:HDK4A9be9pXLOo1/SYJMGhEw/XlC8TqUDVlHeSSlo/uwk/9S5zb:jKmh9AqhEw/Xl5uUDbH6luE9

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Agenttesla family

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP address.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks