General

  • Target

    SHIP PARTICULARS.exe

  • Size

    453KB

  • Sample

    230519-ql8j8agg9x

  • MD5

    c04215e833e361c1ae1a08f2aba85e07

  • SHA1

    c90112d6c22d213018d54bfb68e25d864ae7e546

  • SHA256

    765c609266421fe30c769a001ca281aef3341c889230ae4c328f05cf69c89d6e

  • SHA512

    93c78513ddc27c09988ec823224956daad63933d461a2575c925d3a680aed671bd35cf3fec3fd42f8e7374a6ce48aac771550e4edd949fc07344fde17252eee1

  • SSDEEP

    6144:zAJGMcnDC6+r7eCtNnhkTUQ1O37EagSBG+wKb5sOqk1vwuRcYn4:Umr6tg3147LbrwKbFqk1YuRc

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot1897716112:AAEAtOCkOV8umHBB93Og24bkiIdUKReGK44/

Targets

    • Target

      SHIP PARTICULARS.exe

    • Size

      453KB

    • MD5

      c04215e833e361c1ae1a08f2aba85e07

    • SHA1

      c90112d6c22d213018d54bfb68e25d864ae7e546

    • SHA256

      765c609266421fe30c769a001ca281aef3341c889230ae4c328f05cf69c89d6e

    • SHA512

      93c78513ddc27c09988ec823224956daad63933d461a2575c925d3a680aed671bd35cf3fec3fd42f8e7374a6ce48aac771550e4edd949fc07344fde17252eee1

    • SSDEEP

      6144:zAJGMcnDC6+r7eCtNnhkTUQ1O37EagSBG+wKb5sOqk1vwuRcYn4:Umr6tg3147LbrwKbFqk1YuRc

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • .NET Reactor protector

      Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks