General

  • Target: (revised 01).exe
  • Size: 937KB
  • Sample: 221014-ng5awsdaem
  • MD5: 91767f2a11feeb8f6679f55eb2fa5fc1
  • SHA1: 295c233b415696dc23a10b0b492c66497aa99820
  • SHA256: ab828ebbb7925536f94b2fe3f34100bdc8326589deb88e90dd3490893495f19c
  • SHA512: 802f3eca5c7b0f82a4ce55c51c33edd92749b713256cc1f0f6ff9f467b3dd6f55f1a7bc639266fe885c057db1198dad99a6cb829c1b3e40a16b74650fa21ecce
  • SSDEEP: 12288:V97M2/1rXIkdhKQ4RBPeNpgGpG6jXHpdH3Zs02DIIDHJ38zc83Q9XCPB7ZbNw+sM:VZJdhKdIpgsLj/x

Malware Config

Extracted

Credentials

  • Protocol: smtp
  • Host: host12.registrar-servers.com
  • Port: 587
  • Username: [email protected]
  • Password: project2022blessing

Targets

    • Target: (revised 01).exe

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks