General

  • Target

    7513d92dd73d9db3285bed20b2ea8bda.bin

  • Size

    310KB

  • Sample

    230302-bqtjjaae7t

  • MD5

    49ceddd61cf711f6f0e2a842d8a3060a

  • SHA1

    9c5f2a29ba592177a17faa6afa87e47d4883da10

  • SHA256

    79e4b23fe0359eb893586407db5b0be076933f02d3dcdd3935e2414cd314abf4

  • SHA512

    a04e5b4808967225a8433bffa51a289d856a5aa9b7d2e82b87f7cd42a1655c3a0e035e2b92f0182d2f2eeb49e2546dc71fd22a6a1c5867d59e0114229e0383d4

  • SSDEEP

    6144:HXf6g6qTh1QyXgz1lWGySscjiSqo0BE96w5mm6AvkemkLFQ7fr3jqT:gqThKyK1lSYmSxdmzAMa0z+T

Malware Config

Targets

    • Target

      3736a32db47acc255fcf48ecbc756e24eecd93fe5d5b3267d5c4c1eca68430b8.exe

    • Size

      324KB

    • MD5

      7513d92dd73d9db3285bed20b2ea8bda

    • SHA1

      8039c0a3b570da6b29c3ca0bc9d5803bf46e7bc9

    • SHA256

      3736a32db47acc255fcf48ecbc756e24eecd93fe5d5b3267d5c4c1eca68430b8

    • SHA512

      c7dd36c252107e5b0954dc32e439092248533600c9bb1fd12406c5b24bc3eadbd6a5efbb1a1938a260b857c94cd6c7dd4bb824373de9c5376b4f4b398f6244d1

    • SSDEEP

      6144:vYa6kNxUn+H2kUSEs82wsFfE+9YwuqEeR/1ABwEVN5NCQcFUsFt7:vY6NQs8A1v9YwfNV1ABwEf5NCQcFUCt7

    • AgentTesla

      Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer, originally written in Visual Basic .NET. Its main activity is harvesting stored credentials from browsers, email and FTP clients and exfiltrating them.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla (sitemanager.xml and recentservers.xml under %APPDATA%\FileZilla), which store saved server credentials.

    • Reads user/profile data of local email clients

      Email clients store account settings and saved passwords on disk; infostealers routinely read these profile files.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved logins, cookies and session tokens.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

      Usually a sign of process hollowing: the sample starts a process suspended, writes a payload into it, and points the main thread at the payload with SetThreadContext before resuming it. On its own the call is not conclusive (debuggers use it too); the surrounding sequence is what matters.
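As an added example that is not part of this sandbox report and not Agent Tesla's own code, the following Python turns the behavioural signatures above (FTP, email and browser credential reads, Outlook profile access, SetThreadContext) into a host-side triage check. The event lines and the `pid|process|event|target` format are constructed for illustration and assume no particular EDR schema; the credential-store paths are the default locations used by the named programs, and the process name `sample.exe` is a placeholder.

```python
"""
Added triage example: map the sandbox report's behavioural signatures onto
host events. Event format 'pid|process|event|target' is constructed for this
example, not any real EDR's schema.
"""
import re
from collections import defaultdict

# Default credential-store locations read by infostealers such as Agent Tesla.
# Patterns are case-insensitive regexes applied to the full (lowercased) path.
CREDENTIAL_STORES = {
    "ftp_client": [
        r"\\filezilla\\(sitemanager|recentservers)\.xml$",
    ],
    "browser": [
        r"\\user data\\[^\\]+\\login data$",                              # Chromium family
        r"\\mozilla\\firefox\\profiles\\[^\\]+\\(logins\.json|key4\.db)$",  # Firefox
    ],
    "email_client": [
        r"\\thunderbird\\profiles\\[^\\]+\\(logins\.json|key4\.db)$",       # Thunderbird
        r"\\software\\microsoft\\office\\\d+\.\d+\\outlook\\profiles\\",    # Outlook (registry)
    ],
}

# The API sequence that makes SetThreadContext suspicious: it must appear in
# this order within one process, otherwise the call alone is not reported.
HOLLOWING_SEQUENCE = (
    "CreateProcess(SUSPENDED)",
    "WriteProcessMemory",
    "SetThreadContext",
    "ResumeThread",
)

# Constructed sample events: pid 1234 behaves like the report; pid 5678 is benign.
SAMPLE_EVENTS = [
    "1234|sample.exe|Api|CreateProcess(SUSPENDED)",
    "1234|sample.exe|Api|WriteProcessMemory",
    "1234|sample.exe|Api|SetThreadContext",
    "1234|sample.exe|Api|ResumeThread",
    "1234|sample.exe|FileRead|C:\\Users\\victim\\AppData\\Roaming\\FileZilla\\sitemanager.xml",
    "1234|sample.exe|FileRead|C:\\Users\\victim\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data",
    "1234|sample.exe|FileRead|C:\\Users\\victim\\AppData\\Roaming\\Thunderbird\\Profiles\\abcd.default\\logins.json",
    "1234|sample.exe|RegRead|HKCU\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook",
    "5678|explorer.exe|FileRead|C:\\Users\\victim\\Documents\\notes.txt",
    "5678|explorer.exe|Api|SetThreadContext",  # isolated call: not flagged
]


def classify_access(path):
    """Return the credential-store category a file/registry path belongs to, or None."""
    p = path.lower()
    for category, patterns in CREDENTIAL_STORES.items():
        if any(re.search(pat, p) for pat in patterns):
            return category
    return None


def parse_event(line):
    """Split one 'pid|process|event|target' line into a dict."""
    pid, proc, event, target = line.split("|", 3)
    return {"pid": int(pid), "proc": proc, "event": event, "target": target}


def is_subsequence(steps, calls):
    """True if every step in `steps` occurs in `calls` in that order (gaps allowed)."""
    it = iter(calls)
    return all(any(step == c for c in it) for step in steps)


def triage(lines):
    """Return {pid: set of findings} for the behaviours listed in the report."""
    findings = defaultdict(set)
    api_calls = defaultdict(list)
    for line in lines:
        ev = parse_event(line)
        if ev["event"] in ("FileRead", "RegRead"):
            category = classify_access(ev["target"])
            if category:
                findings[ev["pid"]].add(f"reads_{category}_data")
        elif ev["event"] == "Api":
            api_calls[ev["pid"]].append(ev["target"])
    for pid, calls in api_calls.items():
        if is_subsequence(HOLLOWING_SEQUENCE, calls):
            findings[pid].add("process_hollowing_via_SetThreadContext")
    return dict(findings)


if __name__ == "__main__":
    for pid, hits in sorted(triage(SAMPLE_EVENTS).items()):
        print(pid, sorted(hits))
```

Only pid 1234 is reported, with all four findings; the lone SetThreadContext from explorer.exe is ignored because the suspended-create / write / resume steps around it are missing, which is the caveat to keep in mind when turning the sandbox signature into a detection rule.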

MITRE ATT&CK Enterprise v6

Tasks