Overview

overview

10

Static

static

10

1992-72-0x...ry.exe

windows7-x64

10

1992-72-0x...ry.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1992-72-0x0000000000400000-0x000000000043D000-memory.dmp

  • Size

    244KB

  • Sample

    221125-svq3msgc34

  • MD5

    eafd1bff062f8edb0ed644c3a6bd5d65

  • SHA1

    cdc15a5eedf87e2c6ec547f24e833b8ccf1b0cc1

  • SHA256

    8e286696a68fbea67a45b8b49daf8d6b486340d6515a19255f57b42b9a3c053d

  • SHA512

    552f7ac2d6c8c037fcbc81d968e6e41517eb95e0bdc35d7b4c2525279e17d31cd62d02e675d1406b345b90809d9837a68de05103ace766d266c52cb9e3fc4ed5

  • SSDEEP

    3072:AHWG7oJ4jT1Yto2mAFPlfT0bxzbUKOfeNUY2jzkRhXJwXJ0yeGrptQY3FXJzNvG5:A2GPTC59E1Uffe+Y2chX2XciJVXFNvI

Score
10/10
agentteslacollectionkeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

C2

http://107.189.4.253/zipone/inc/10c5bcaaef047d.php

Targets

    • Target

      1992-72-0x0000000000400000-0x000000000043D000-memory.dmp

    • Size

      244KB

    • MD5

      eafd1bff062f8edb0ed644c3a6bd5d65

    • SHA1

      cdc15a5eedf87e2c6ec547f24e833b8ccf1b0cc1

    • SHA256

      8e286696a68fbea67a45b8b49daf8d6b486340d6515a19255f57b42b9a3c053d

    • SHA512

      552f7ac2d6c8c037fcbc81d968e6e41517eb95e0bdc35d7b4c2525279e17d31cd62d02e675d1406b345b90809d9837a68de05103ace766d266c52cb9e3fc4ed5

    • SSDEEP

      3072:AHWG7oJ4jT1Yto2mAFPlfT0bxzbUKOfeNUY2jzkRhXJwXJ0yeGrptQY3FXJzNvG5:A2GPTC59E1Uffe+Y2chX2XciJVXFNvI

    Score
    10/10
    agentteslakeyloggerspywarestealertrojancollection

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks