General

  • Target

    e29ed68650a1b8e6f9b1a571093d48154cf0101107f51f77138244aaeba6990f

  • Size

    1.9MB

  • Sample

    250121-bjyvnsylhq

  • MD5

    fb4d8331262508e0e1144ebc9faf8e9d

  • SHA1

    61301516393351772408508180430ccfe1ec98e7

  • SHA256

    e29ed68650a1b8e6f9b1a571093d48154cf0101107f51f77138244aaeba6990f

  • SHA512

    dab93567b9b51c94c9ede026f83111de57e7c87f7348240cba3a71b6a425033d16a61f14b24728773708a27923d3b43236bdefab3ef9c9ecf15d47694bf977fc

  • SSDEEP

    49152:sAM++GyHxQ/5qKK3YOxYBHFeIm28y1MEZhXByJ+LEHLicvgUhqE:05xAK35uHw211MEZ5ByJ+LkVvpb

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://ftp.transotraval.cl
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    vIZ2P]dt&a!d

Targets

    • Target

      Factura venta 9502421961.exe

    • Size

      2.1MB

    • MD5

      b552a68254db8588f80099f7a11034bf

    • SHA1

      0c849a36b66530996af7855795d943c5a9b1aa18

    • SHA256

      36d6dec0b050ee5033a6ed08a3655707e78df9010af42701310caa3e9d0cfe33

    • SHA512

      de56930d590c45e1c6e046ac6fb476b0609abb5462f1bae516f4016d07499a1375ea19556caf873f169c901cfa0b91278e99f0859caab1d60b506bb1694ec366

    • SSDEEP

      24576:wUCqhZUBEX2lldovIKg9PQefbCjUjBotakS/H0Vi1HUv88qOxcS0eUMh1nIhUWbp:w8hWB3llQefqUjBoE/EiY/1mbbL6

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Agenttesla family

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    • Target

      MidlrtMd.dll

    • Size

      2.9MB

    • MD5

      df9c641b90e075383731dbeb08609f41

    • SHA1

      977001da82781989044267c68f8e630faacbb6ed

    • SHA256

      0c55f9e6f367fa093d4447d1dfef3911e702eb4d9ff4c3879783cd91253be422

    • SHA512

      153da28f59509c14cd80e89b150bcbd277ea6c93e6b7e60f13f29ddeb2270116300ed9eb79ba46b1ace04ea88e6e6aca04da143a124ee433b5270668980fa311

    • SSDEEP

      49152:UJ5cxuOV/38UsrN0EEToH+N9uXJdGSGz1bokAKwls:ezPrGyJd

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Agenttesla family

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar data.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15