General

  • Target

    bc8767fc3ab5a4e2d11a9118b0d33d448dc829a15e10d88a2ad5d2727b1813e2

  • Size

    499KB

  • Sample

    231205-df8a2sgh8v

  • MD5

    61dac77b8983f470588396455ba71c3c

  • SHA1

    75a671866828aea058efba9d5bdd98f56442e811

  • SHA256

    bc8767fc3ab5a4e2d11a9118b0d33d448dc829a15e10d88a2ad5d2727b1813e2

  • SHA512

    dc62a03cfe580f79379b5b5361ec86187f02f0c0df32b92d9c336a68b9e32591f06960769994840be1af92040007452c90406a1b84127de0b11d27f0d396ff31

  • SSDEEP

    12288:PT14VGsygAzWPRktRHLcaOemXduC5uGCTKa:P+VM3qPRktRrnO94C5aKa

Malware Config

Extracted

  • Family

    agenttesla

  • Credentials

Targets

    • Target

      PDA STATEMENT.exe

    • Size

      517KB

    • MD5

      99e05e1f4c3726434476aedddfbe2e3d

    • SHA1

      da507c4274759703aa25ca68b9cb01929c129663

    • SHA256

      031373e0c892da52577e9eb17ea541a7d874362c9845a3f36ce479c545624e5f

    • SHA512

      833328a134028f79afae86426a61abe7ecf1a29e2da39814f3087435d80d19418ffb176b237f9befbbb7f0146f4b7510777ebe35f21052b105b65589fc971186

    • SSDEEP

      12288:3GOA/39mIIvL16/WPRAlRHrvXKWdtaFKQ4J66:3GOA/t4jPRAlRLDnIk6

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks