Overview

overview

10

Static

static

a6cb24ec48...97.exe

windows7-x64

3

a6cb24ec48...97.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a6cb24ec48c182bfa461e9a8a07bf66de2ded535473b5e5e5c6abca513132197

  • Size

    1013KB

  • Sample

    221125-ldjhxafh77

  • MD5

    a8cf327f63f544a6af4510fa03f74ccd

  • SHA1

    88a50f86cce5e13908926255fed532037831e389

  • SHA256

    a6cb24ec48c182bfa461e9a8a07bf66de2ded535473b5e5e5c6abca513132197

  • SHA512

    bf22da3f713be75aa0f8cc3a75ed24b982b4dd552080e961ed7d206b604417e9109a03511d7fa3044a6a90d1fd68414e20d198a632e2e7e25a29b6ef20666ebd

  • SSDEEP

    12288:nGFXPgj5yV2DFFXQeqwYX1XpgztJdszAcBoTCovmUCSFkgO/g7dAk+ude/icqchC:n4gWqQeSrWpV+otvmazO/gBAn

Score
10/10
agentteslacollectionkeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    server122.web-hosting.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    OJZg,yx3yFHQ

Targets

    • Target

      a6cb24ec48c182bfa461e9a8a07bf66de2ded535473b5e5e5c6abca513132197

    • Size

      1013KB

    • MD5

      a8cf327f63f544a6af4510fa03f74ccd

    • SHA1

      88a50f86cce5e13908926255fed532037831e389

    • SHA256

      a6cb24ec48c182bfa461e9a8a07bf66de2ded535473b5e5e5c6abca513132197

    • SHA512

      bf22da3f713be75aa0f8cc3a75ed24b982b4dd552080e961ed7d206b604417e9109a03511d7fa3044a6a90d1fd68414e20d198a632e2e7e25a29b6ef20666ebd

    • SSDEEP

      12288:nGFXPgj5yV2DFFXQeqwYX1XpgztJdszAcBoTCovmUCSFkgO/g7dAk+ude/icqchC:n4gWqQeSrWpV+otvmazO/gBAn

    Score
    10/10
    agentteslacollectionkeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • AgentTesla payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks