General

  • Target

    4ecb044c6452b6c32130f91325195ff67dc1a69003262a138dd8320ad4a937be

  • Size

    660KB

  • Sample

    241227-bjdjqsxmfw

  • MD5

    589a3cae735dd3e1f1abaf67da7abf4d

  • SHA1

    c52d019da1152ffebc684622a2406d5c8779c293

  • SHA256

    4ecb044c6452b6c32130f91325195ff67dc1a69003262a138dd8320ad4a937be

  • SHA512

    8e06484c29f4f120492311effa1760a69a698feaa62a2cc9c8c21d994360f9c6c64f2f49ec5d2e8603557464df8604808fab37fc6238e0fb8a9190ccaea79466

  • SSDEEP

    12288:NvKaj/2djyIfSN6VzDkYc5oMrYepc/Q15RwFYEu4BFMUOpa8Q4BjOwjMf:NvQLq6KY0oyEuRweEu0FT2aSBjOGM

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.yandex.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    UGOKINGS1234

Targets

    • Target

      4ecb044c6452b6c32130f91325195ff67dc1a69003262a138dd8320ad4a937be

    • Size

      660KB

    • MD5

      589a3cae735dd3e1f1abaf67da7abf4d

    • SHA1

      c52d019da1152ffebc684622a2406d5c8779c293

    • SHA256

      4ecb044c6452b6c32130f91325195ff67dc1a69003262a138dd8320ad4a937be

    • SHA512

      8e06484c29f4f120492311effa1760a69a698feaa62a2cc9c8c21d994360f9c6c64f2f49ec5d2e8603557464df8604808fab37fc6238e0fb8a9190ccaea79466

    • SSDEEP

      12288:NvKaj/2djyIfSN6VzDkYc5oMrYepc/Q15RwFYEu4BFMUOpa8Q4BjOwjMf:NvQLq6KY0oyEuRweEu0FT2aSBjOGM

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Agenttesla family

    • AgentTesla payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks