General

  • Target

    PO 4500022412.r15.rar

  • Size

    13KB

  • Sample

    230203-rqp44sff88

  • MD5

    d0b5157a6912bb9e22bcee4a62795fdc

  • SHA1

    2bbe7f83485ae00a13d25adc60609d84740b6172

  • SHA256

    4b2fb9cf30f2decd8a519fe93881ff94b368f69c87570060133201ed4925d193

  • SHA512

    4d89dbd08431a673ef713647eb2b2258c6857057da41a19db1f6f9a60664a9f470b373d629505aeceb0efada219143891eae806960c59a80685bda566356bf6d

  • SSDEEP

    384:JTX+nJN2sJxxzIuSL+cUvVkDTIpo7LFiPU/:JTWRJH7SyDyDT2qV

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      PO 4500022412.exe

    • Size

      37KB

    • MD5

      78f270cbab89f32c355f1b9354e74a17

    • SHA1

      ff6eb90ea94ce75c0cfdf1c5c967c41e1f467093

    • SHA256

      3a0a9c9d17e7d5ab347cf05ec50ea6a758b966859e218ed36a95eefc9a5eff2d

    • SHA512

      29d5394d7cb67a6892c217c724454a66efefcdcc0b22e91ac120956ef196066635ebc76d04c141e85eb068f4ec5e9cecc15510e7e2e1ccd5575f3915a7aef69e

    • SSDEEP

      768:tevPNqfe1TxGW+t12vXOguVQt+hEqt5RYVMb824v:ONqm1T4W+t1eXVsw+CqtfYE

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks