General

  • Target

    ed5ff90bf75779d13250384ca760ac821ad07de586cec1232551774024098658

  • Size

    428KB

  • Sample

    220521-bl9d7afbbj

  • MD5

    2885ee22c9885bba1a8aeab23e0c435d

  • SHA1

    b7344ee8ac4e45ba217b78fab031dcd798454154

  • SHA256

    ed5ff90bf75779d13250384ca760ac821ad07de586cec1232551774024098658

  • SHA512

    d91edc78e1b5aaee5fb207e1121c328377be24097842674bc036975270f3dd932e31d96140d95ecdb5f6ceacdc54ef2f76ff57d136d2a6278738ff1a1ff90a6e

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.yandex.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    company1960
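The extracted configuration gives the exfiltration channel: the stealer mails its harvest over SMTP submission (TCP/587) to smtp.yandex.com with the hard-coded mailbox above. The mailbox changes per build, and the host is a shared, legitimate mail provider, so neither is a durable indicator on its own; the initiating process is. The script below is an added example, not part of the sandbox report and not AgentTesla code: it takes the report's SHA-256 values, host and port as indicators, runs a detection over a few constructed Sysmon Event ID 3 (network connection) records, and flags SMTP submission from anything that is not an assumed allow-list of mail clients. The events, the IP-free hostnames and the allow-list are constructed for illustration.

```python
"""Hunting helpers built from the AgentTesla sandbox report above.

Added example, not part of the report. Indicators (SHA-256 values,
smtp.yandex.com, TCP/587, E-20816.exe) come from the report; the Sysmon
events and the mail-client allow-list are constructed assumptions.
"""
import hashlib
import json

# Indicators copied from the report
REPORT_SHA256 = {
    "ed5ff90bf75779d13250384ca760ac821ad07de586cec1232551774024098658",  # submitted sample
    "3e7332310ea67e1982c17c325fde52c70c2155f73d2792b51e2484b86ec51e1e",  # E-20816.exe
}
EXFIL_HOST = "smtp.yandex.com"
EXFIL_PORT = 587

# Assumed allow-list of images that legitimately speak SMTP submission
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}

# Constructed Sysmon Event ID 3 records, one JSON object per line
SYSMON_EVENTS = r"""
{"Image": "C:\\Users\\user\\AppData\\Roaming\\E-20816.exe", "DestinationHostname": "smtp.yandex.com", "DestinationPort": 587, "Protocol": "tcp"}
{"Image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE", "DestinationHostname": "smtp.office365.com", "DestinationPort": 587, "Protocol": "tcp"}
{"Image": "C:\\Windows\\System32\\svchost.exe", "DestinationHostname": "ctldl.windowsupdate.com", "DestinationPort": 80, "Protocol": "tcp"}
{"Image": "C:\\Users\\user\\AppData\\Roaming\\E-20816.exe", "DestinationHostname": "smtp.yandex.com", "DestinationPort": 587, "Protocol": "tcp"}
"""


def sha256_matches_report(data: bytes) -> bool:
    """True if the bytes hash to one of the SHA-256 values in the report."""
    return hashlib.sha256(data).hexdigest() in REPORT_SHA256


def is_smtp_exfil(event: dict) -> bool:
    """Flag SMTP submission (TCP/587) initiated by a non-mail-client image.

    The C2 mailbox differs per build and the provider is shared with
    legitimate traffic, so the durable signal is an unexpected process
    opening a mail submission port, not the destination alone.
    """
    if event.get("Protocol") != "tcp" or event.get("DestinationPort") != EXFIL_PORT:
        return False
    image = event.get("Image", "").rsplit("\\", 1)[-1].lower()
    return image not in MAIL_CLIENTS


def hunt(log_text: str) -> list:
    """Run both checks over newline-delimited Sysmon JSON; return the hits."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        reasons = []
        if is_smtp_exfil(event):
            reasons.append("smtp-submission-from-non-mail-client")
        # Weak on its own (shared provider); useful as corroboration
        if event.get("DestinationHostname", "").lower() == EXFIL_HOST:
            reasons.append("report-c2-host")
        if reasons:
            hits.append({
                "image": event["Image"],
                "dst": f"{event['DestinationHostname']}:{event['DestinationPort']}",
                "reasons": reasons,
            })
    return hits


if __name__ == "__main__":
    for hit in hunt(SYSMON_EVENTS):
        print(hit)
```

Only the two E-20816.exe connections are returned, each with both reasons; OUTLOOK.EXE talking to its own provider on 587 is not flagged, which is the point of keying on the image rather than the port. Rotating the sender mailbox or switching providers, the usual evasion between AgentTesla builds, does not defeat the image-based rule.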

Targets

    • Target

      E-20816.exe

    • Size

      469KB

    • MD5

      8e9625359fdd16f2e4d3d3c0e570b190

    • SHA1

      2465e8072b2aa1fb3218b6774fc7ebeb82f3db7a

    • SHA256

      3e7332310ea67e1982c17c325fde52c70c2155f73d2792b51e2484b86ec51e1e

    • SHA512

      7015ee23304c882ce084104a9d8604f17012916faa56f737c293f4668e677c461997310b8a4dbda5b6839383b4c10459bd19a9188b7244b65f255582e4f9bd3a

    • AgentTesla

      Agent Tesla is a .NET remote access trojan (RAT) and information stealer, originally written in Visual Basic .NET.

    • AgentTesla Payload

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution to or away from particular regions.

    • Accesses Microsoft Outlook profiles

      Reads the Outlook profile data where saved mail account settings and passwords are stored, consistent with the stealer's credential harvesting.

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on a thread in another process is the step in process hollowing where a suspended child's entry point is redirected to the injected payload.

MITRE ATT&CK Enterprise v6

Tasks