General

  • Target

    SecuriteInfo.com.Win32.PWSX-gen.1072.24827

  • Size

    720KB

  • Sample

    231201-mh22gshb6y

  • MD5

    741a5a12f09c04ea3e9016b0df5b1619

  • SHA1

    70bc8da958d222169fbbaeef24caf81dcad79403

  • SHA256

    34e80cd7697e28920dc9d333f057b29cb3e4010a8be917130a9c3137aabfb547

  • SHA512

    3b0150010c59a28dbf8206ac2210cc953538af03129af9772e0aa780209637a37496d01573222eb5f7e322da8d5910c5f40cfd0b29d7a4ea3c8ae046ac2578b5

  • SSDEEP

    12288:qhdIaRFF8dhPVYuKpqScN28sYpOI0fEPwtn/2eSJ+3pOlLAeqo9gp:qhPFShPVYu4Zu28sYYIOqSn/U+3pOlL/

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks