General

  • Target

    67f89696750e4be4cb113d5dff88da5b7b803df94f6ad6fcfd3520af26eb9e61.exe

  • Size

    819KB

  • Sample

    221206-pwrtsacf3s

  • MD5

    c0e228b66abae5f9cb6dfbf2cea0acd8

  • SHA1

    47e916c0ae80177dfd9bfa697f45344f42108963

  • SHA256

    67f89696750e4be4cb113d5dff88da5b7b803df94f6ad6fcfd3520af26eb9e61

  • SHA512

    6c7bda94a0f0b41223ada89ae9c2bb584feef05294d20e74864edde843cb2efddb87684ca3a8d8a72f5924441ee31a7e201fdb1234950cdd63b417234305cfd5

  • SSDEEP

    6144:OXQxSka4ihChxppWtvG8KSx2f3E3Y9tQ3XgPQB2cpMF:OXQxBbihChxppW63E3Y9tQ3XgPm2cpM

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot5970985875:AAGxcS7riy4ZlEmFj2Z031AsUoRvment2iI/

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks