General

  • Target

    fcd76be54e0e1491dafca9479963dd703cc32650389295a69204ba5cfed8c1d4

  • Size

    636KB

  • Sample

    220520-3hgzbabhaq

  • MD5

    0e994a51b2287523cffcf9c79843c44a

  • SHA1

    522a1327cf9cca90198ae48549b5c1579f4c9377

  • SHA256

    fcd76be54e0e1491dafca9479963dd703cc32650389295a69204ba5cfed8c1d4

  • SHA512

    30224adfe2ea3265c2ad99611a346702b11eeec44f446daed4952d590ab115bbff7981f7d51d7a4e2e678d2f17f56326269dd18ea17bf3f3f1fca55c869a438d

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.justrghtinc.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    h~pd6Qw0}z+Y

Targets

    • Target

      [C38226] #TD JMMasuda_Mfg.exe

    • Size

      575KB

    • MD5

      5c3ebfee342ed55ad799a2498264bb74

    • SHA1

      4d34d2ed85495eacf1c212efc42f1416ab1ab3fe

    • SHA256

      cec63a7a18270b5f0115e58279c986e20fb5b2fb16ea1d2c4b57849d0456b827

    • SHA512

      b3e91bf448942cd096cf66afd88be1c30b71d9f6d5ea02c9768adcddb7188b48923cfe08bfae02374c4ccc34cb44223672ff97a3b0f94ce88f81fd02b767a879

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks