General

  • Target

    Packing list.exe

  • Size

    720KB

  • Sample

    220906-1v2hdaaec2

  • MD5

    664062762de8fdfb381268ae566f3d9e

  • SHA1

    d9f2cbd717f700fe9046f947f62fa9d906b3d46f

  • SHA256

    7cffd8eb6866547d175295072b7f1b180467a29b537da3ede1f2c3ebe11c7aaf

  • SHA512

    66dc66420565f1b4b2b34a6b5dff7c1dfda6ac9fb65a12738066d866abf8e91afc462d94d1f9c51d9b00bb6158819d69b17aa47787bfa98a5e93168174bb611a

  • SSDEEP

    12288:TRbG5h7Tu3XDG2g9YIDz+gbldEevK1pisp2VDPrv/ugwyu4CkrOP7Vg:dG5d4G2UpZdEeC1pispaDDHugwv412h

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot5056459562:AAHQW9wJvHEkQsnxuML0xV3IDA6-DUuUNFI/sendDocument

Targets


    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla payload

    • Drops file in Drivers directory

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, and infostealers frequently target that data.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive material.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks
