General

  • Target

    e9499146a540aa410852d3ae7bb61d747e449f36c4209f3c9afe35ea1c7195c7

  • Size

    835KB

  • Sample

    231205-t8qjpscd7y

  • MD5

    5d8ed426d33dc630cc84f05c08339936

  • SHA1

    b182fbadeb48530ded88de2ce8c9662f82674ff0

  • SHA256

    e9499146a540aa410852d3ae7bb61d747e449f36c4209f3c9afe35ea1c7195c7

  • SHA512

    b458b73daf4d6a7d857e262ba9ae3cf81e8fb3808d56a0d2bfc5cacf4f462cdf3ae905865dc9d89477a02b2c951d92f86cfec78975104cd805d598a578686c9f

  • SSDEEP

    24576:hvKpO+XEEXgolwKqf0rT6CE0DD/gkaIFUpkM2N7CvmbiK6z7/:hkEKPwKK0fsuD/GIFGkb0t7

Malware Config

Extracted

  • Family

    agenttesla

  • C2

    https://api.telegram.org/bot6439280362:AAFxJ6Gm_hfG3MYnjXvw0e4QQEIFTsOjkuk/

Targets

    • Target

      LAM CHUAN Q710901.pdf.exe

    • Size

      1024KB

    • MD5

      8412a2cceb09519e18c3419df99efbad

    • SHA1

      33fdcdd1ea11818c2928d80c52e786b0cca9e522

    • SHA256

      7318815c5eed7085d6d336406e6c3255a23e255f5caa954b6b1b4549b7519701

    • SHA512

      b81f90357485356ec5b678e19d41359db65e5b9f328a9d94d4d76fbecee5286cffbce4ce95c9dd7109044fe95b37abcfee6bae443930f22e5cc218808b849d8d

    • SSDEEP

      24576:RBm634/up+pJtwFbGyArZTDOYDD/ckaCFUBkMIHpDqDDBi:RX38PJtw5Ag6D/6CFMkzpDH

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks