Overview

overview

10

Static

static

db7c98672e...30.exe

windows7-x64

10

db7c98672e...30.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8489502560.zip

  • Size

    828KB

  • Sample

    221202-ls1ezaec64

  • MD5

    ee9ee5f1f7b0228933ac6ba67bae98f2

  • SHA1

    41b405d6c6b861ed182ea949821d4b4f53ce702c

  • SHA256

    4a309675ee3c7b89cfdc3c270da949fb76e4f44962a4a83792dacf879d846f85

  • SHA512

    2cce8add02d1c386f868fcc103ea1f10df1f629af09d08dcb02b2b3227a5d5b560552544848e18a8fc3f14e43cf1e0696d54c8daa91eb587538e450c2a69f475

  • SSDEEP

    12288:toKLyGRplnNCPAHBzPKEKm3tDYCExnGHWPa2pQ78cr68A3sG4+7LZV0z77o3KIGz:eQBPlJWEKmKCKG2Pl6D6Y77o3EGmS8Bj

Score
10/10
agentteslacollectionkeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    host39.registrar-servers.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    payment 12345

Targets

    • Target

      db7c98672e8f63508346396c087aa31ef5eb3b922df16cc5a53ad08749b8f230

    • Size

      978KB

    • MD5

      665b42c21f960802736671670bf1d607

    • SHA1

      be7475b3d5f9a136116583d630ad6dc1d739408c

    • SHA256

      db7c98672e8f63508346396c087aa31ef5eb3b922df16cc5a53ad08749b8f230

    • SHA512

      550da3fc4b25d838934aa16a1adc25dfc9fe274e582862e0363ffefa60f5fd77ba9ab1b68b55e79226f86e40359a8a8e4df79525cb8514d34a78e813f724db6a

    • SSDEEP

      24576:qx6XajJQ5B8pnzTSiKhpvAAc+QL+2d01Ms7bhDT:R4JDZvSiKDvAAQVSb5

    Score
    10/10
    agentteslacollectionkeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks