General

  • Target

    7a376027044254b836abdc37288abe2971850ec28c72cd48f9a989ba0f716297

  • Size

    480KB

  • Sample

    220520-3ce8jabehp

  • MD5

    1cc704dac7a12e7b678ebb8829cb01bf

  • SHA1

    f4c00db68949f92f92213a641f1fafbf4554918c

  • SHA256

    7a376027044254b836abdc37288abe2971850ec28c72cd48f9a989ba0f716297

  • SHA512

    138552df394b5b5140bf447ac3175be02a979e69013a02a9d94eea1b39aa8bd2c2b8a390cddbba5acd9ac9459b35b16758d638c58d620a48cca50b67e274682f

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    mail.varda.com.tr
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    varda9997929

Targets

    • Target

      MT1O3 copy.exe

    • Size

      687KB

    • MD5

      7bbb99107a9ae85a281bb69bc80f4420

    • SHA1

      557499b642dc4e5081e8216fe9e500fb15659f88

    • SHA256

      322eeeb2b916b9cbced49b43ad579f100ede0dd79ae6cb115f764084ed0a3627

    • SHA512

      1c2f04060d2685374ba211fbbdd78669adab36b73337fafa7eeccfe2fe7aab91a970132c83c3341e014bfd541ad27af2931b0db0f10ac4cb6b71f0bf8b936903

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks