General

  • Target

    DHLPAYMENTREQUIRED1003671162.exe

  • Size

    904KB

  • Sample

    231205-v3bc9sdg69

  • MD5

    b665055897fc3b8a557568abc0d1df34

  • SHA1

    e73d473568ddf632d898f286967d26e75b298f3d

  • SHA256

    dca9d727db76dbb43b69e5ea1911861bfdc0aa9e13b954da78bcf2a36a92a9b3

  • SHA512

    abba46a3db77a20fce957d7d684b17bb75be5aabd3281b36ae9b639ec3df76c38ce9c1e5b2bae9c3f5a87026d3596fa3ce5e46cda2aeb1f3c72db77a886fd488

  • SSDEEP

    12288:ahl5nF8/VdqrlbjGIHcSY8/TJGxE05hCr0Dr6zz/rTWrRREeeM5QlaBNdoP7r9ry:0l+qhbjGn+/1Ga05BDm3rYRR+so1q

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      DHLPAYMENTREQUIRED1003671162.exe

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks