General

  • Target

    3239f36044eff21de6675f1efe4df404dc2a46387637fc434c49f3754d2cf37f

  • Size

    577KB

  • Sample

    231011-s1nvgaaa75

  • MD5

    ddd3f939f69070a6d1413eed3f4f4cc2

  • SHA1

    4046ccf27e5f395ce36c8a284e1151ac97ca4b13

  • SHA256

    3239f36044eff21de6675f1efe4df404dc2a46387637fc434c49f3754d2cf37f

  • SHA512

    f2f08f2a448034e8daf7f51155d082c4861236f47dd156bc9e6a6284b7adecdec9feb28b4ee910b7f2fc4fb887ff9b99b6cd45c5d8616a979cd26a33088b0336

  • SSDEEP

    12288:OaPTvDhpTuD1KKG8JSNTe/rh8i7K/q3LF23MRplDUgYKZ:OarvDhpTusLNq/rDr3p1lIq

Malware Config

Extracted

Family

agenttesla

Targets

    • Target

      MT103.exe

    • Size

      663KB

    • MD5

      720a42feb540dc11b7048246932c0bff

    • SHA1

      962e757e1a74e3a5030106832e62ebc459a3557d

    • SHA256

      d61e3784b7daf6605b40092e7eefa5844f36dfdc2235d90bf8a2ed164da875ad

    • SHA512

      af718f45f16a027e7c2ee39890db541200e67327fc00a2ea9581385c729cbb73dcc033fc1c6de28716ce89d071040b17baed600b5b8615068fce3204a73ccd5f

    • SSDEEP

      12288:i0WWObWAZ1Tut1OJI+yByzqyANhML9MpSsVl:14LTTuLBovANSLeUol

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
