General

  • Target:
    ae166d81a70a534f271a9adb74f136aea39b9b695077db4f726ba904b96e0dc7
  • Size:
    573KB
  • Sample:
    250119-bmm8cazrft
  • MD5:
    936cc313166b49f7feda8b648d69156e
  • SHA1:
    9feb2ff5d82371f728a42caec012fc3817fa8250
  • SHA256:
    ae166d81a70a534f271a9adb74f136aea39b9b695077db4f726ba904b96e0dc7
  • SHA512:
    616d93ffd94e9f12d3368b8d4151b2298b85c03b2be79c8043d8abbe59080facf042523b5a555dd801e36f0c19357e081b146b46903fedf27b149fb73057ab1e
  • SSDEEP:
    12288:1BorW33wFi8OvANvtCyu9ViV7KvqwDKc28uYivXAx:I03R8YICqGKc2dFvXAx

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://ftp.midhcodistribuciones.com
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    ,A7}+JV4KExQ

Targets

    • Target:
      τραπεζικά στοιχεία τιμολογίων.pdf.exe
    • Size:
      1.1MB
    • MD5:
      0a470f86451c8432bf923cc31d59f1be
    • SHA1:
      14de1998f0144fec441ddd07319bccd463eeee2a
    • SHA256:
      ef22dc4cd3ea2b343311f40794add67ae4bacab35783263d0af8ad3c0789f611
    • SHA512:
      93a6970e7d9aafbd8003b7c6cb58d1d185ebd5344689d487e8d01880b5f95f0b93289763bc74c81b7f2939a572bfad85609c86f3f50f36ea309ec3b4dd1b01b7
    • SSDEEP:
      24576:xqDEvCTbMWu7rQYlBQcBiT6rprG8aq5Z+UVOsMoPeiy:xTvC/MTQYxsWR7aq5Z+UwDCe

    • AgentTesla
      Agent Tesla is a remote access tool (RAT) written in Visual Basic.
    • Agenttesla family
    • Looks up external IP address via web service
      Uses a legitimate IP lookup service to find the infected system's external IP.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks