Overview

overview

10

Static

static

e33ac82c14...60.exe

windows7_x64

10

e33ac82c14...60.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e33ac82c14447959cb7aed86bd915960

  • Size

    684KB

  • Sample

    210727-256e7jsmh2

  • MD5

    e33ac82c14447959cb7aed86bd915960

  • SHA1

    9ea25902ed4f55813ae2708ce237bbf3b89f924a

  • SHA256

    3bcc082fdf8172ec9014d27d75cd67698ac1f27228a698849fad2a56fe94ca0f

  • SHA512

    734cdfefd8e00be8e26f20d8e7fa0a522ddc25cd0fff2528ef283d54a749c5d7ccd415273117bc942cb0927ef2a4cebb42177a0c5f3000287c54f6d290a89091

Score
10/10
agentteslakeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    mail.privateemail.com
  • Port:
    587
  • Username:
    ddelande@quadrel-com.icu
  • Password:
    snookiep@123

Targets

    • Target

      e33ac82c14447959cb7aed86bd915960

    • Size

      684KB

    • MD5

      e33ac82c14447959cb7aed86bd915960

    • SHA1

      9ea25902ed4f55813ae2708ce237bbf3b89f924a

    • SHA256

      3bcc082fdf8172ec9014d27d75cd67698ac1f27228a698849fad2a56fe94ca0f

    • SHA512

      734cdfefd8e00be8e26f20d8e7fa0a522ddc25cd0fff2528ef283d54a749c5d7ccd415273117bc942cb0927ef2a4cebb42177a0c5f3000287c54f6d290a89091

    Score
    10/10
    agentteslakeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • AgentTesla Payload

    • CustAttr .NET packer

      Detects CustAttr .NET packer in memory.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks