General

  • Target

    SCAN-06-07-2020-1051-0001.exe

  • Size

    762KB

  • Sample

    230403-sp6k5shc2z

  • MD5

    13ad17758e68bfb91cf085ef4774e9b5

  • SHA1

    a7c834e4b39733808b7100cce150bb7f56b4eae8

  • SHA256

    f5c4b5612bc19c2caf01dba4a764a7c0d001ffbc6028c22ad3b30b8757e13cc3

  • SHA512

    0678b9c0cc55283db8eb509477944b5b2d12e3906d14c697c2e13bc78c55b00ee8ee5241d02ac7e3e7f350eaabad584074e5ab1bc1a66ba8a5c18eba2de97078

  • SSDEEP

    12288:15CBWKdq1FbwwJLwrtedxaSwpMmTb0qEWMEeRybNUvGlRqWmyVnei+ygAMiY:+frp5edxah0IMEe0iezqCuF51

Malware Config (extracted)

  • Family

    agenttesla

  • C2

    https://api.telegram.org/bot5284884249:AAHYdYga8PsjmQ_REqXTOm0DaBfuXwV9I14/sendDocument

Targets

    • Target

      SCAN-06-07-2020-1051-0001.exe

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext
