General

  • Target

    PI#167213.exe

  • Size

    745KB

  • Sample

    210225-496tbrrm9n

  • MD5

    9001412fdd41d6a89f4f58203baac126

  • SHA1

    1a09816ca58a3bf17ee945f898e4b659d7de58d9

  • SHA256

    63bea72f61d1ff638621a44d1d7328045bfa6c748549ea9637059dfca6821420

  • SHA512

    69f935d9f9df309158fb667d1ef57b18f12b9c172347beba0e3f8b563bb280f1c410c8c05b7f1727a57fdf51c37edcefb70891ee21f696705204b34c3a8595f2

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol: smtp
  • Host: webmail.shyamindofab.com
  • Port: 587
  • Username: [email protected]
  • Password: anurag#$486

Targets

    • Target

      PI#167213.exe

    • Size

      745KB

    • MD5

      9001412fdd41d6a89f4f58203baac126

    • SHA1

      1a09816ca58a3bf17ee945f898e4b659d7de58d9

    • SHA256

      63bea72f61d1ff638621a44d1d7328045bfa6c748549ea9637059dfca6821420

    • SHA512

      69f935d9f9df309158fb667d1ef57b18f12b9c172347beba0e3f8b563bb280f1c410c8c05b7f1727a57fdf51c37edcefb70891ee21f696705204b34c3a8595f2

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • Uses the VBS compiler for execution

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks