General

  • Target

    500dd1dca55fe496890f2ece67c3a76b682edb01dbb3ce745a28f1dc9bf0cc82

  • Size

    399KB

  • Sample

    220520-3ct2pagfd4

  • MD5

    eda5f6e12545e18ce635a6693fe714e0

  • SHA1

    4e8989c250ebd0089cbe8f583d0712f71e51e32e

  • SHA256

    500dd1dca55fe496890f2ece67c3a76b682edb01dbb3ce745a28f1dc9bf0cc82

  • SHA512

    5fd594eb95f0c2047b3c13275466092356a728414ae4b9b63e6e61bf8218f79064147ad67148d4136f67627df9df59964cdc352dc5457646af857bea855a0449

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.ociii.net
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    yearofblockmoney5024

Targets

    • Target

      TT copy.exe

    • Size

      438KB

    • MD5

      88b0042ee1c7aec435ab5540b1d52799

    • SHA1

      1f3f14dce8acdb7c1f9d49cf06db7738c37b53f1

    • SHA256

      8736ffe12cdc4791e4c340a1da9f52025faea789d2a6f75bda4e24e2a7ff5be8

    • SHA512

      23767c71a8e753ca0aa9732ab500859b77d726ff246c6554ed041e0e9be84f7722c2fd779ec94fa11b59a07b7bc3b26ff4ebb64833f99288d21e8882a23bc787

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks