General

  • Target

    cc09d80b3df5d59a820f00bbf844c1fed9eb68bbc60a57d46c355937b2c2f956

  • Size

    247KB

  • Sample

    250125-bsgyhszmap

  • MD5

    0097be8e878355a2d890ad0a5a384bd1

  • SHA1

    52ffbce57403207c11a4666dcb50931819795d3f

  • SHA256

    cc09d80b3df5d59a820f00bbf844c1fed9eb68bbc60a57d46c355937b2c2f956

  • SHA512

    c0eba1fadfe1526cad14ced06b6d54391009e837e460b86ca0d6a496b261a0939c4476def032a187c28c49102cc46d7cbc1fdf8875937bf90faaab91c5066e73

  • SSDEEP

    3072:haevxCCCSiu2WFphqvPTPhYmyy+3+7cFJ5f9PR2d5JV0:I0CCCSiu2WFphqL+m6O7cFxP4

Malware Config

Extracted

Family

agenttesla

Extracted Credentials

  • Protocol:
    smtp
  • Host:
    novida.com.br
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    joymywife12345PT

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Agenttesla family

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15