General

  • Target

    ZIM Third PartyPlace ents.7z

  • Size

    653KB

  • Sample

    231206-s6l8tsea8s

  • MD5

    1cfdc93a256d2fce20e5f45ff51c7fb3

  • SHA1

    486a6a6d469a77a4c2e54a2726c27d7ed87e00b5

  • SHA256

    a1c015cd5b54daaa34d28df0ed8bb0ed2743994c3b3449a2cebc52f829c2b6d6

  • SHA512

    85d208ff3342361d350647928f76095b6c2657f55b9a5bb17e76ee6b02a3af54141017a0ca5fcd6eb98fff66a9a12709ef2a0a2ca36fbb14d0947535a4b63db3

  • SSDEEP

    12288:nP+/BFw09c31PLk1bG13UW1o0cZBch1ZP9eEgLMg7b9pYe0bJpfkYg0v1p6v//x:P+z9clPLI+3UWxcwh11Eiy9aXbJXgMmh

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      ZIM Third PartyPlace ents.exe

    • Size

      883KB

    • MD5

      db1f3dcaf38e21694f56bbe0bda7f65d

    • SHA1

      da91c43d51e1a2f70cd5211a88de5ed7e38efbb7

    • SHA256

      2992b737cc487bae341eee8c6b11377b5baaace7ee2904ba6e4c91c542f1a515

    • SHA512

      d100b8b4b87f83f64bcfeda23e0fa077be8476ee9ec8d941332939f5824eae70fc76d037b22f3018168c185dc472f82a3ecdd906e38a62b13e451ddec6154db1

    • SSDEEP

      24576:W/Le7eGlPG3CfUWrcKh1bnTysQnjTItqb1q:Wa7eGRfdNhKAtn

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) and credential stealer written in Visual Basic (.NET).

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing (refusing to run in certain locales).

    • Suspicious use of SetThreadContext
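
The hash values in this report are the indicators an analyst would check a suspected copy against. The script below is an added example, not part of the report or of the sandbox's own tooling: it recomputes MD5/SHA-1/SHA-256/SHA-512 for a file on disk, sanity-checks the copied indicator table (digest length, hex characters), and compares the result against both targets. A partial hit (one algorithm agrees, another does not) is reported as a failed verification rather than a match, since that pattern indicates a transcription error or a different file, not a collision. The file paths and the bytes used in the self-test are constructed for illustration; SSDEEP is omitted because it needs a third-party module.

```python
"""Verify a file against the hash indicators listed in the sandbox report.

Added example (not from the report). Indicator digests below are copied from
the report; file paths and self-test input are constructed for illustration.
"""
import hashlib
import sys
from typing import Dict, List, Optional, Tuple

# Hash indicators copied from the report: the archive and the executable inside it.
IOCS: Dict[str, Dict[str, str]] = {
    "ZIM Third PartyPlace ents.7z": {
        "md5": "1cfdc93a256d2fce20e5f45ff51c7fb3",
        "sha1": "486a6a6d469a77a4c2e54a2726c27d7ed87e00b5",
        "sha256": "a1c015cd5b54daaa34d28df0ed8bb0ed2743994c3b3449a2cebc52f829c2b6d6",
        "sha512": "85d208ff3342361d350647928f76095b6c2657f55b9a5bb17e76ee6b02a3af54"
                  "141017a0ca5fcd6eb98fff66a9a12709ef2a0a2ca36fbb14d0947535a4b63db3",
    },
    "ZIM Third PartyPlace ents.exe": {
        "md5": "db1f3dcaf38e21694f56bbe0bda7f65d",
        "sha1": "da91c43d51e1a2f70cd5211a88de5ed7e38efbb7",
        "sha256": "2992b737cc487bae341eee8c6b11377b5baaace7ee2904ba6e4c91c542f1a515",
        "sha512": "d100b8b4b87f83f64bcfeda23e0fa077be8476ee9ec8d941332939f5824eae70"
                  "fc76d037b22f3018168c185dc472f82a3ecdd906e38a62b13e451ddec6154db1",
    },
}

# Expected hex-digest lengths; used to catch copy/paste damage in the table.
DIGEST_HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Lowercase hex digests of in-memory data for every algorithm in DIGEST_HEX_LEN."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in DIGEST_HEX_LEN}


def hash_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Same as hash_bytes, but streams the file so large samples need not fit in memory."""
    hashers = {alg: hashlib.new(alg) for alg in DIGEST_HEX_LEN}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def validate_ioc_table(iocs: Dict[str, Dict[str, str]] = IOCS) -> List[str]:
    """Return a list of problems with the indicator table (empty list means it is clean)."""
    problems: List[str] = []
    for name, digests in iocs.items():
        for alg, want_len in DIGEST_HEX_LEN.items():
            value = digests.get(alg)
            if value is None:
                problems.append(f"{name}: missing {alg}")
                continue
            if len(value) != want_len:
                problems.append(f"{name}: {alg} has {len(value)} hex chars, expected {want_len}")
            try:
                int(value, 16)
            except ValueError:
                problems.append(f"{name}: {alg} is not hexadecimal")
    return problems


def match_iocs(digests: Dict[str, str], iocs: Dict[str, Dict[str, str]] = IOCS) -> Dict[str, set]:
    """Map each indicator name to the set of algorithms whose digest agrees with `digests`."""
    hits: Dict[str, set] = {}
    for name, expected in iocs.items():
        matched = {alg for alg, value in expected.items()
                   if alg in digests and digests[alg].lower() == value.lower()}
        if matched:
            hits[name] = matched
    return hits


def verdict(digests: Dict[str, str], iocs: Dict[str, Dict[str, str]] = IOCS) -> Tuple[str, Optional[str]]:
    """("match", name) if every listed digest agrees, ("partial", name) if only some do,
    ("unknown", None) if nothing agrees. A partial result is a verification failure."""
    hits = match_iocs(digests, iocs)
    for name, matched in hits.items():
        if matched == set(iocs[name]):
            return ("match", name)
    if hits:
        return ("partial", next(iter(hits)))
    return ("unknown", None)


def self_test() -> bool:
    """Constructed checks: known digests of b'abc' plus the three verdict outcomes."""
    d = hash_bytes(b"abc")
    ok = d["md5"] == "900150983cd24fb0d6963f7d28e17f72"
    ok &= d["sha256"] == "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"
    ok &= validate_ioc_table() == []
    ok &= verdict(d) == ("unknown", None)
    ok &= verdict(dict(IOCS["ZIM Third PartyPlace ents.7z"])) == ("match", "ZIM Third PartyPlace ents.7z")
    damaged = dict(IOCS["ZIM Third PartyPlace ents.exe"])
    damaged["md5"] = "0" * 32  # constructed: one digest wrong, the rest agree
    ok &= verdict(damaged) == ("partial", "ZIM Third PartyPlace ents.exe")
    return ok


if __name__ == "__main__":
    # Usage: python verify_iocs.py <file>  (file name is hypothetical)
    for problem in validate_ioc_table():
        print("table problem:", problem)
    if len(sys.argv) > 1:
        print(verdict(hash_file(sys.argv[1])))
    else:
        print("self-test", "passed" if self_test() else "FAILED")
```

Run it with the suspected archive or the extracted executable as the argument; anything other than ("match", name) means the file in hand is not the one this report describes, even if one of the weaker digests agrees.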

MITRE ATT&CK Enterprise v15

Tasks