General

  • Target: TT Copy.exe

  • Size: 795KB

  • Sample: 230403-qa5deseh54

  • MD5: feb570bffcd8d8ac2065edfa8117217c

  • SHA1: 3eb75d1f94f1e219ee465e2726d49a315d5bba2c

  • SHA256: fce3edc1cf76792c761a9acddd97fc3700db91a23926491cfb3e00ca4eea234a

  • SHA512: a8ca50d842e9710f5e0252266a885581d33894adc2c44753a705eb5bb19bf372f0f94802cdf316702a46cea3964ad3bcb726586002d5b02db596c7645e3ea5bd

  • SSDEEP: 12288:A7L5CBWKdq1FbwwJLwr3oJin2jmf4H2QjBJ6KTzbzWvkE+KTIN3VMkJkDPImZDO0:1frpcpjmfW6wzWkE7EMM

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Checks computer location settings: looks up the country code configured in the registry, likely for geofencing.

    • Accesses Microsoft Outlook profiles.

    • Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP address.

    • Suspicious use of SetThreadContext.
