General

  • Target

    5109343368413184.zip

  • Size

    617KB

  • Sample

    210727-bd6znzhtex

  • MD5

    ffee81e7f39c6e47d5a63bac09dff2de

  • SHA1

    1febc4e9b96c8d9cb53cbd3bdf6dd542df3f4b4a

  • SHA256

    c5ac196d88b4a5acfd9d2278df2129e4034518263526e84eb8e0c8617dde63be

  • SHA512

    aee3050503c96c0bb4afcba126295e919498692d2056aeaffb9df221445d1eb1a9218443fe5a2e912384e8f9a9e10f80bbe4bfd96b130fe6e19af39f27676782

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.sidlewtex.com
  • Port:
    587
  • Username:
    sales@sidlewtex.com
  • Password:
    swyvt(K2

Targets

    • Target

      2bef0c5c20d349645940b6645431990aa3b9cc845f5d89a7c91cf5d7a9275a01

    • Size

      1012KB

    • MD5

      0d369ff4696ecb4abbccc7eabe5711b8

    • SHA1

      9ad99109bd4e3a87c3a22026c71debefcd97b907

    • SHA256

      2bef0c5c20d349645940b6645431990aa3b9cc845f5d89a7c91cf5d7a9275a01

    • SHA512

      fed89f204acccde867f1b8dabcf10f5edcd56b5811e10db061dcf90b9c2c796fb2afa85d2feeffc28f77e772e724ba37a95dab44cc843b1fdcf6441f5b0a442d

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • CustAttr .NET packer

      Detects CustAttr .NET packer in memory.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks