General

  • Target

    JaffaCakes118_168fe1623df8b35d77fdb3c9931375940f6243ef7d5fff67f41020f06aae4f2a

  • Size

    613KB

  • Sample

    241222-glnqdawnbz

  • MD5

    77163c8ebcc6193e2e0252d29a711551

  • SHA1

    5bb15580cc94fe01824b80326cc2d36d5ef75132

  • SHA256

    168fe1623df8b35d77fdb3c9931375940f6243ef7d5fff67f41020f06aae4f2a

  • SHA512

    58a3e1e1dcac9f77ad3c1ac35e3ac78d5be102a2491b3e7ddd48b0acd4cb545de6d831e052959ef741494e7824517493d34a3709f7b717fc621883e6f45b54db

  • SSDEEP

    12288:4hW4SQPpZuKEYXrDmaFw9WilPu6BTxHTaZDcBIV84XRk6XjIxEhFsV:4AQP1E6rJFwgCtEcBoRXHjIxErK

Malware Config

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.valvulasthermovalve.cl
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    LILKOOLL14!!

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://ftp.valvulasthermovalve.cl/
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    LILKOOLL14!!

Targets

    • Target

      30f816e55b01b1e22af3e9d7755bb75279b7e6f38eb2ffaf790d6234e5036709.exe

    • Size

      651KB

    • MD5

      70089ee71f366b852ab6fdd1f6b57b55

    • SHA1

      76dff305a3093b266e41bf5b6e959e69f5846808

    • SHA256

      30f816e55b01b1e22af3e9d7755bb75279b7e6f38eb2ffaf790d6234e5036709

    • SHA512

      1086a6e76200a555c6fb92b5dc8efa275162597a9ce197350fd39f00cd6ed3e26a57d6f37091423265d282dd58a20bdaab5898e7f00b9f8b2dfa24d777abb937

    • SSDEEP

      12288:OxZGzPK6N78EkOAjQ6RHKfKvCFNRMcqe7ahktbl07kyLL1XXMQ+u:r97zrAjQ6BKSvmRMrLkNSoyLJnM

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Agenttesla family

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks