General
-
Target
rendels_1023200000000000305.exe
-
Size
979KB
-
Sample
241209-my6dvazlen
-
MD5
ff83f495808f8837a41405726ce9d7b9
-
SHA1
186bb042c4a61b7905ed62bde58f062725897192
-
SHA256
186a1d9c4703d9498b26d88451e31018ff66b7f9f135e0ed93f9ac10aa485753
-
SHA512
89112cc0a4b7349bbb9b9c2b2e466f895375ee099a27b6a497be3860414f9ad9d8ec87b0dd521e029fc4827ee1e1560b76e319e5b4ea12ac1b76986626f2ddca
-
SSDEEP
24576:+YB//x9sjWsxFLFS8Tppg8bY6yEV+ztrHvm:j9//CWWTppm65wc
Static task
static1
Behavioral task
behavioral1
Sample
rendels_1023200000000000305.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
rendels_1023200000000000305.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20241007-en
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.carbognin.it - Port:
21 - Username:
[email protected] - Password:
59Cif8wZUH#X
Targets
-
-
Target
rendels_1023200000000000305.exe
-
Size
979KB
-
MD5
ff83f495808f8837a41405726ce9d7b9
-
SHA1
186bb042c4a61b7905ed62bde58f062725897192
-
SHA256
186a1d9c4703d9498b26d88451e31018ff66b7f9f135e0ed93f9ac10aa485753
-
SHA512
89112cc0a4b7349bbb9b9c2b2e466f895375ee099a27b6a497be3860414f9ad9d8ec87b0dd521e029fc4827ee1e1560b76e319e5b4ea12ac1b76986626f2ddca
-
SSDEEP
24576:+YB//x9sjWsxFLFS8Tppg8bY6yEV+ztrHvm:j9//CWWTppm65wc
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Agenttesla family
-
Guloader family
-
Loads dropped DLL
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-
-
-
Target
$PLUGINSDIR/System.dll
-
Size
12KB
-
MD5
cff85c549d536f651d4fb8387f1976f2
-
SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e
-
SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8
-
SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88
-
SSDEEP
192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr
Score3/10 -
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
4Credentials In Files
3Credentials in Registry
1