General

  • Target

    e7cd58a50e4d53e1bfbcb4457d12f40db4b75144dde77bfbb594125ce522d54d

  • Size

    1.1MB

  • Sample

    240428-bpbx4acg84

  • MD5

    de6540781225c26de5323372607b1b86

  • SHA1

    47285e439b17e8d9382af52534d5e48505366130

  • SHA256

    e7cd58a50e4d53e1bfbcb4457d12f40db4b75144dde77bfbb594125ce522d54d

  • SHA512

    d4d9b14cb6dd86c89d86f23e65251a384a6a4062d89e9a15d9c4b553fb50fc53a80f9b21cc9443f886c081625c7a983500b9f239d213c7e81988dd426072feb6

  • SSDEEP

    24576:QqDEvCTbMWu7rQYlBQcBiT6rprG8afCUzbkEys:QTvC/MTQYxsWR7afCubb

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    mail.jmfresh.sg
  • Port:
    587
  • Username:
    sales@jmfresh.sg
  • Password:
    sales@jmfresh.sg
  • Email To:
    kenneth01virus@gmail.com

Targets

    • AgentTesla

      Agent Tesla is a .NET-based information stealer and remote access tool (RAT) that harvests keystrokes, clipboard contents and saved browser and mail-client credentials and sends them to its operator over SMTP, FTP or HTTP. This build exfiltrates over SMTP using the account in the extracted configuration above: it authenticates to mail.jmfresh.sg on port 587 as sales@jmfresh.sg (the password is identical to the username) and mails the stolen data to kenneth01virus@gmail.com.

    • Adds Run key to start application

      Writes a value under a Windows CurrentVersion\Run key so the payload is relaunched at every logon (Registry Run Keys / Startup Folder, T1547.001, in the matrix below).

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP, which the stealer includes in its exfiltration report. The request is ordinary HTTP to a public service, so on its own it is a weak signal; it becomes meaningful when the same process also writes a Run key and opens an SMTP connection.

    • Suspicious use of SetThreadContext

      Setting another thread's context from the payload process is the primitive used by process hollowing and related injection techniques, which this family commonly uses to run its unpacked payload inside a legitimate process. The signature alone does not prove injection took place; confirm it against the process tree and any child process the sample spawned.
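
As an added example that is not part of the sandbox report, the following Python correlates the three behaviours above with the extracted SMTP configuration. It runs over constructed Sysmon-style events and a constructed SMTP AUTH LOGIN capture; the event field names, the list of IP-lookup hosts, the payload path and the registry SID are assumptions for the example, while the host, port, credentials and recipient come from the extracted config.

```python
import base64
import re

# Exfiltration configuration as extracted in the report above.
EXTRACTED_CONFIG = {
    "protocol": "smtp",
    "host": "mail.jmfresh.sg",
    "port": 587,
    "username": "sales@jmfresh.sg",
    "password": "sales@jmfresh.sg",
    "email_to": "kenneth01virus@gmail.com",
}

# Public IP-lookup services this family is known to query. The report does not say
# which one this sample used, so the list is an assumption for the example.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ip-api.com", "checkip.dyndns.org", "icanhazip.com"}

# Matches a value written under HKCU/HKLM ...\CurrentVersion\Run or RunOnce.
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)

RCPT_RE = re.compile(r"RCPT TO:<([^>]+)>", re.IGNORECASE)


def correlate_events(events, config=EXTRACTED_CONFIG):
    """Return the set of report behaviours present in simplified Sysmon-style events.

    Assumed event shapes: id 13 = registry value set (field "target"),
    id 22 = DNS query ("query"), id 3 = network connection ("dst_host", "dst_port").
    """
    hits = set()
    for ev in events:
        if ev["id"] == 13 and RUN_KEY_RE.search(ev["target"]):
            hits.add("run_key_persistence")
        elif ev["id"] == 22 and ev["query"].lower() in IP_LOOKUP_HOSTS:
            hits.add("external_ip_lookup")
        elif (ev["id"] == 3 and ev["dst_host"].lower() == config["host"]
              and ev["dst_port"] == config["port"]):
            hits.add("smtp_exfil_connection")
    return hits


def decode_auth_login(dialogue):
    """Recover the username and password from an SMTP AUTH LOGIN exchange.

    AUTH LOGIN sends each credential as a bare base64 line in reply to the server's
    "334" prompts, so they are readable in any plaintext capture on port 587. If the
    client negotiated STARTTLS first, only the sandbox's decrypted traffic (or the
    extracted config) shows them. Returns None when no complete exchange is present.
    """
    creds = []
    expect_credential = False
    for line in dialogue:
        side, _, text = line.partition(" ")
        if side == "S:" and text.startswith("334 "):
            expect_credential = True
        elif side == "C:" and expect_credential:
            creds.append(base64.b64decode(text).decode("utf-8", "replace"))
            expect_credential = False
    if len(creds) != 2:
        return None
    return {"username": creds[0], "password": creds[1]}


def exfil_recipients(dialogue):
    """Collect RCPT TO addresses, i.e. where the stolen data is being mailed."""
    return [m.group(1) for line in dialogue for m in [RCPT_RE.search(line)] if m]


def matches_extracted_config(decoded, config=EXTRACTED_CONFIG):
    """True when captured SMTP credentials equal the ones in the extracted config."""
    return (decoded is not None
            and decoded["username"] == config["username"]
            and decoded["password"] == config["password"])


# Constructed sample telemetry for this example (not taken from the report).
PAYLOAD = r"C:\Users\victim\AppData\Roaming\svchost32.exe"
SAMPLE_EVENTS = [
    {"id": 13, "image": PAYLOAD,
     "target": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\svchost32"},
    {"id": 22, "image": PAYLOAD, "query": "api.ipify.org"},
    {"id": 3, "image": PAYLOAD, "dst_host": "mail.jmfresh.sg", "dst_port": 587},
]
SAMPLE_SMTP_DIALOGUE = [
    "C: EHLO victim-pc",
    "S: 250-mail.jmfresh.sg",
    "C: AUTH LOGIN",
    "S: 334 VXNlcm5hbWU6",            # base64("Username:")
    "C: c2FsZXNAam1mcmVzaC5zZw==",    # base64("sales@jmfresh.sg")
    "S: 334 UGFzc3dvcmQ6",            # base64("Password:")
    "C: c2FsZXNAam1mcmVzaC5zZw==",    # base64("sales@jmfresh.sg")
    "S: 235 2.7.0 Authentication successful",
    "C: MAIL FROM:<sales@jmfresh.sg>",
    "C: RCPT TO:<kenneth01virus@gmail.com>",
]

if __name__ == "__main__":
    print("behaviours seen:", sorted(correlate_events(SAMPLE_EVENTS)))
    creds = decode_auth_login(SAMPLE_SMTP_DIALOGUE)
    print("SMTP credentials:", creds, "match config:", matches_extracted_config(creds))
    print("exfil recipients:", exfil_recipients(SAMPLE_SMTP_DIALOGUE))
```

The point of keying the network check on the extracted host and port rather than on "any SMTP" is that the exfiltration account is the one indicator an operator cannot rotate without rebuilding the sample; blocking or sinkholing mail.jmfresh.sg:587 and alerting on any AUTH LOGIN as sales@jmfresh.sg catches every drop of this build, whereas the IP-lookup request alone would also fire on plenty of legitimate software.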

MITRE ATT&CK Matrix (ATT&CK v13)

Persistence

  • Boot or Logon Autostart Execution (T1547): 1 matching signature
    • Registry Run Keys / Startup Folder (T1547.001): 1 matching signature

Privilege Escalation

  • Boot or Logon Autostart Execution (T1547): 1 matching signature
    • Registry Run Keys / Startup Folder (T1547.001): 1 matching signature

Defense Evasion

  • Modify Registry (T1112): 1 matching signature

Tasks