General

  • Target

    292604d64a1a4b171b7ff63926852f2a.bin

  • Size

    1.2MB

  • Sample

    230518-bddybafh7y

  • MD5

    292604d64a1a4b171b7ff63926852f2a

  • SHA1

    4518d7ddf64ef67826ba315ae3b81a30b9b74662

  • SHA256

    8c99f9a37cd0abe38aa8707d6b56bae81211e23f8a8b77eba74fd153d364c19d

  • SHA512

    f86bbb1e0c324632e470a45d617811eff7fcfa36462ce707e3e1543ffc209ab3fa54c764075efe2a3eef0289b5b0d302d1bce5f903a8a7acb61e414b4180ef42

  • SSDEEP

    24576:dcVNlYvWEyLFHGqVC5KUSZmi28EO7QS5O+w2q1ACirGzCnDPdvIgc:Il2WE2Hyp2mi28EOz

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      SN65LVDS.EXE

    • Size

      722KB

    • MD5

      71fd045ffa2754d04fb29af569058a4f

    • SHA1

      af8b0633406212abf619ad6e766cdb6d7343dc7a

    • SHA256

      193966c2198bd342a53892d74603233c2107d10b9d8507356b41a4666dfd8d16

    • SHA512

      28e0e7a4379e2c403819f8f8e2ee7c03de842929e7376624a9b0594d7e8b68f8d16695d6551c59f46acc46371a6e81a26a087ca11443c23e5e59d18b7a0d13de

    • SSDEEP

      12288:Uc3Ceb+m5NRSMJxG7r0fSzyLnFHPuqh7CFQQKUSNiu/mi28EOlBQS5O+w2q1ACi1:UcVNlYvWEyLFHGqVC5KUSZmi28EO7QSl

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks