General

  • Target

    00-As-99.exe

  • Size

    7.6MB

  • Sample

    221017-safq6sccgk

  • MD5

    56332e3f4a1bba0dccf36c491f480dfe

  • SHA1

    6b814d4db3485bd5094f7eb3f19d6e7557ac0305

  • SHA256

    b277d10cf5362346fb3fe06a951362017f2ed2fde7babc49fa85cac908bffd86

  • SHA512

    58633ab7d2d69258be5cb4d42292780127a4fd0f3f877cbf8cd6fe5413f997eb6acb58bf1d112c87cfe39535e83e484ba6ed413023ff6e8d44e0019f27d075ba

  • SSDEEP

    24576:EAOcZ1YBM11Z+SpKkAZ3nmsN8mY/YSX0CtuPbQ6YXGE6Y6exSPuj:SGA1jZ5NYbX0i8Y2UIG
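Before detonating or reversing a copy of this sample, confirm it is the same file the report describes. The following is an added example (not sandbox output): it streams a local file through MD5, SHA1, SHA256 and SHA512 in one pass and compares the digests with the values listed above. The local path is an assumption; the SSDEEP fuzzy hash needs the `ssdeep` library and is not checked.

```python
"""Verify that a local copy of the sample matches the digests in this report.

Added example, not part of the sandbox report. The sample path given on the
command line (default: 00-As-99.exe in the current directory) is an assumption.
"""
import hashlib
import sys

# Digests copied from the "General" section above.
REPORT = {
    "md5": "56332e3f4a1bba0dccf36c491f480dfe",
    "sha1": "6b814d4db3485bd5094f7eb3f19d6e7557ac0305",
    "sha256": "b277d10cf5362346fb3fe06a951362017f2ed2fde7babc49fa85cac908bffd86",
    "sha512": "58633ab7d2d69258be5cb4d42292780127a4fd0f3f877cbf8cd6fe5413f997eb"
              "6acb58bf1d112c87cfe39535e83e484ba6ed413023ff6e8d44e0019f27d075ba",
}
ALGOS = ("md5", "sha1", "sha256", "sha512")


def hash_bytes(data: bytes) -> dict:
    """Return hex digests of an in-memory byte string for all four algorithms."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ALGOS}


def hash_file(path, chunk_size=1 << 20) -> dict:
    """Stream a file through all four digests at once, so a large sample is read only once."""
    hashers = {algo: hashlib.new(algo) for algo in ALGOS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def compare(actual: dict, expected: dict) -> dict:
    """Map each algorithm in `expected` to True/False (case-insensitive hex compare)."""
    return {algo: actual[algo].lower() == expected[algo].lower() for algo in expected}


def verify_file(path, expected=REPORT) -> bool:
    """True only if every reported digest matches; a single mismatch means a different file."""
    return all(compare(hash_file(path), expected).values())


if __name__ == "__main__":
    sample = sys.argv[1] if len(sys.argv) > 1 else "00-As-99.exe"
    for algo, ok in compare(hash_file(sample), REPORT).items():
        print(f"{algo:7} {'match' if ok else 'MISMATCH'}")
    sys.exit(0 if verify_file(sample) else 1)
```

A mismatch on any of the strong hashes means the file in hand is not the one analysed here (a re-packed build, a truncated download, or a different stage), so the extracted config below should not be assumed to apply to it.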

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://ftp.mgcpakistan.com/
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    boygirl123456
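The extracted config is the exfiltration channel: the stealer logs in to the FTP host with these credentials and uploads harvested data. The following is an added example (not part of the sandbox report) that turns the config into network indicators, runs them over a constructed, simplified Zeek ftp.log-style excerpt, and emits a Suricata rule keyed on the login. The log lines, the `dst_host` column (assumed to be pre-resolved to a name) and an unmasked `password` column (many Zeek deployments log it as `<hidden>`) are assumptions; the username is obfuscated on the page, so it is not used as an indicator.

```python
"""Build detections from the extracted AgentTesla FTP config and run them over logs.

Added example, not part of the sandbox report. The log excerpt is constructed
for illustration in a simplified Zeek ftp.log-like TSV layout
(ts, src, dst_host, dst_port, user, password, command, arg).
"""
from urllib.parse import urlparse

# Values copied from the "Malware Config" section above. The username is
# obfuscated on the page, so only host, port and password are usable.
CONFIG = {
    "protocol": "ftp",
    "host": "ftp://ftp.mgcpakistan.com/",
    "port": 21,
    "username": "[email protected]",
    "password": "boygirl123456",
}

# Constructed log excerpt: one benign download, the sample's exfil upload,
# a directory listing against the C2, and a host match on a non-standard port.
LOG = """\
ts\tsrc\tdst_host\tdst_port\tuser\tpassword\tcommand\targ
1666000001.1\t10.0.0.5\tftp.example.org\t21\tanonymous\t<hidden>\tRETR\tupdate.zip
1666000002.2\t10.0.0.7\tftp.mgcpakistan.com\t21\t<hidden>\tboygirl123456\tSTOR\treport.html
1666000003.3\t10.0.0.9\tftp.mgcpakistan.com\t21\t<hidden>\t<hidden>\tLIST\t/
1666000004.4\t10.0.0.12\tftp.mgcpakistan.com\t2121\t<hidden>\t<hidden>\tRETR\tx.bin
"""


def indicators(cfg):
    """Normalise the extracted config into matchable indicators (hostname, port, password)."""
    host = urlparse(cfg["host"]).hostname or cfg["host"]
    return {"host": host.lower(), "port": int(cfg["port"]), "password": cfg["password"]}


def parse_log(text):
    """Parse the header-prefixed TSV into a list of dicts keyed by column name."""
    lines = text.strip().splitlines()
    fields = lines[0].split("\t")
    return [dict(zip(fields, line.split("\t"))) for line in lines[1:]]


def detect(records, ioc):
    """Flag records that reach the C2 host or present the extracted credential.

    An upload (STOR) on top of either match is the pattern the FTP channel is
    used for (pushing harvested data to the server), so it raises the severity.
    """
    hits = []
    for r in records:
        reasons = []
        if r["dst_host"].lower() == ioc["host"]:
            port = int(r["dst_port"])
            reasons.append("C2 host match" + ("" if port == ioc["port"] else f" on unexpected port {port}"))
        if r["password"] == ioc["password"]:
            reasons.append("extracted exfil credential observed in login")
        if not reasons:
            continue
        severity = "medium"
        if r["command"] == "STOR":
            reasons.append("upload (STOR) to C2: probable data exfiltration")
            severity = "high"
        hits.append({"ts": r["ts"], "src": r["src"], "dst": r["dst_host"],
                     "severity": severity, "reasons": reasons})
    return hits


def suricata_rule(ioc, sid):
    """Emit a Suricata rule matching the FTP PASS command carrying the extracted password."""
    return (f'alert tcp $HOME_NET any -> $EXTERNAL_NET {ioc["port"]} '
            f'(msg:"AgentTesla FTP exfil login to {ioc["host"]}"; flow:established,to_server; '
            f'content:"PASS {ioc["password"]}"; nocase; sid:{sid}; rev:1;)')


if __name__ == "__main__":
    ioc = indicators(CONFIG)
    for h in detect(parse_log(LOG), ioc):
        print(h["severity"].upper(), h["src"], "->", h["dst"], "; ".join(h["reasons"]))
    print(suricata_rule(ioc, 1000001))
```

The host match is deliberately not restricted to port 21: a connection to the configured server on any port is worth a look, and the port is reported in the reason string instead. The credential is used here only as a detection artefact; it should not be used to log in to the server.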

Targets

    • Target

      00-As-99.exe

    • AgentTesla

      Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, originally written in Visual Basic .NET. It harvests saved credentials and keystrokes and sends them to an operator-controlled server over SMTP, FTP or HTTP; this build uses the FTP server from the extracted config.

    • AgentTesla payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence so the payload does not run in certain regions.

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

      Rewriting another thread's context is characteristic of process hollowing: a payload is written into a suspended process and its entry point redirected. Together with "Executes dropped EXE" and "Loads dropped DLL", this is consistent with the 7.6MB file acting as a loader that unpacks the AgentTesla payload into another process.
