General

  • Target

    scan copy-001.exe

  • Size

    1.1MB

  • Sample

    210111-wy9jffj8kn

  • MD5

    e5f75d96fdbd9b2edf0623ca56e60a84

  • SHA1

    93e0f48621b5550f72869c371796f2c04be9d8fb

  • SHA256

    22a1bf1796ab58532e00602c90341a0e095f752c646c3614a115ede18c91f3cf

  • SHA512

    3191abf781821c47d1e7a8d1acbc8ddab9147074d49a77566bf6e708b285c643084b14900fc378fc931bd2362e3de2a45e6b3e7afe7c1d8676159fda8e228540

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    mail.chestronic.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    8$@oJ?OGP~ge

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks