Overview

overview

10

Static

static

c11d6124ee...c0.exe

windows7_x64

10

c11d6124ee...c0.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c11d6124ee0522c7ab71d20cf3474dc0.exe

  • Size

    604KB

  • Sample

    201120-knqf4kteh2

  • MD5

    c11d6124ee0522c7ab71d20cf3474dc0

  • SHA1

    c52a64b7189c762b907a9d727950f3d1364c68ba

  • SHA256

    871a7f14c61157dbea48d27f92bc64097e10eb44a9c8ef7543c435e275ca249c

  • SHA512

    24b4d1776b4ec8610d1fe66a5aa9dc5a2886562e4805e0069e2177a477b272887cb7cd4616f4763814e6ffb6aa456a2b94301289b1fa75bf0585812d1f2a7c40

Score
10/10
agentteslakeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    us2.smtp.mailhostbox.com
  • Port:
    587
  • Username:
    peter.terkper@gh-wilmar-intl.com
  • Password:
    NNuzALf1

Targets

    • Target

      c11d6124ee0522c7ab71d20cf3474dc0.exe

    • Size

      604KB

    • MD5

      c11d6124ee0522c7ab71d20cf3474dc0

    • SHA1

      c52a64b7189c762b907a9d727950f3d1364c68ba

    • SHA256

      871a7f14c61157dbea48d27f92bc64097e10eb44a9c8ef7543c435e275ca249c

    • SHA512

      24b4d1776b4ec8610d1fe66a5aa9dc5a2886562e4805e0069e2177a477b272887cb7cd4616f4763814e6ffb6aa456a2b94301289b1fa75bf0585812d1f2a7c40

    Score
    10/10
    agentteslakeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • AgentTesla Payload

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks