Overview

overview

10

Static

static

1

IMG_0750.jpg

windows10-2004-x64

10

IMG_0750.jpg

ubuntu-18.04-amd64

Resubmissions

24-11-2023 13:04

231124-qa6w9abb82 10

24-11-2023 12:34

231124-pr17nabf4s 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    IMG_0750.jpg

  • Size

    303KB

  • Sample

    231124-qa6w9abb82

  • MD5

    2a51b0a807d9f22493f43f274bd296d9

  • SHA1

    c08d9785eea512083446f288befd05962685dcfb

  • SHA256

    602d10d51dbe982c7734ea506d7bde39e55cca7a183f5356f640b473bbcd729b

  • SHA512

    94426032f3c72bc6438235349aba0aff69a11ae838b426c042655d688231bddd1ef4d2a5de2410183719d3dc504e664c1d54af4ceaaeef64bcc51f495402ada5

  • SSDEEP

    6144:rT05ChxRejc33RlgRS6iIbYYBe/tww3AF+7Oq/RQ025bFgZYp:r0URejcHMWAe/tqFeR/kGZa

Score
10/10
agentteslaagilenetkeyloggerlinuxspywarestealertrojan

Malware Config

Targets

    • Target

      IMG_0750.jpg

    • Size

      303KB

    • MD5

      2a51b0a807d9f22493f43f274bd296d9

    • SHA1

      c08d9785eea512083446f288befd05962685dcfb

    • SHA256

      602d10d51dbe982c7734ea506d7bde39e55cca7a183f5356f640b473bbcd729b

    • SHA512

      94426032f3c72bc6438235349aba0aff69a11ae838b426c042655d688231bddd1ef4d2a5de2410183719d3dc504e664c1d54af4ceaaeef64bcc51f495402ada5

    • SSDEEP

      6144:rT05ChxRejc33RlgRS6iIbYYBe/tww3AF+7Oq/RQ025bFgZYp:r0URejcHMWAe/tqFeR/kGZa

    Score
    10/10
    agentteslaagilenetkeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • AgentTesla payload

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

      agilenet

    • Uses the VBS compiler for execution

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks