Overview

overview

10

Static

static

P.O MH TERAJU.exe

windows7-x64

10

P.O MH TERAJU.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    P.O MH TERAJU.exe

  • Size

    725KB

  • Sample

    221123-mkdfxaec52

  • MD5

    3f92b90861b8d548506e927ddbe33d1e

  • SHA1

    78b8b24bae9cc21ffbc67bbc0323f5b77437c02e

  • SHA256

    328e38ac2352630a37bee4eda07ea06409b19efbccc66a602008925a3580ffb3

  • SHA512

    b3c34bf0a31370ed7947cbd1cf71714854360891e5425fe364e4196546d272840694174c052de383bc1c6e41c5f1f32360a2c568bd099ca327d14d3dcd4b2446

  • SSDEEP

    12288:rPMsbBtXr+QiAChY41IZzPs+zlWRaYgBvqvMm1PV93v24t9sOL/GXh8L74mBfNUZ:sZbhc1zlwKCUmdL3v6+L74mBfNUstzo

Score
10/10
agentteslacollectionkeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot5597689088:AAGRkM8_oLhmTctTpXeC8jbizUA4eBC_jz0/

Targets

    • Target

      P.O MH TERAJU.exe

    • Size

      725KB

    • MD5

      3f92b90861b8d548506e927ddbe33d1e

    • SHA1

      78b8b24bae9cc21ffbc67bbc0323f5b77437c02e

    • SHA256

      328e38ac2352630a37bee4eda07ea06409b19efbccc66a602008925a3580ffb3

    • SHA512

      b3c34bf0a31370ed7947cbd1cf71714854360891e5425fe364e4196546d272840694174c052de383bc1c6e41c5f1f32360a2c568bd099ca327d14d3dcd4b2446

    • SSDEEP

      12288:rPMsbBtXr+QiAChY41IZzPs+zlWRaYgBvqvMm1PV93v24t9sOL/GXh8L74mBfNUZ:sZbhc1zlwKCUmdL3v6+L74mBfNUstzo

    Score
    10/10
    agentteslacollectionkeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks