General

  • Target

    mv Afina I Vsl's Desc.exe

  • Size

    778KB

  • Sample

    240110-s6681aacdk

  • MD5

    9e02b91e94d45385141412e3c90608b2

  • SHA1

    24af9bb2e1b7bac04a1ebb48f431bc8ec4d5bb4f

  • SHA256

    183c71d2749893b3018f8d521712a58c6b3efd449a5ecbbbb12df1da69e0f7f6

  • SHA512

    d9c6a424bd8ed393e8f23224f054766de2e8aa97741551e4eaf9fcbf5cb8939d52c8b1be5e38891170ddeace6b6dc740aea9973782b799e5f3d39e89faad3e88

  • SSDEEP

    12288:mm5QyiEHaZz20Bi2NKZes2Pjls2LQP+mjp2mcN0w:mryv694UsEmjL

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot6890953843:AAESDeAPFWFuXjE5oUpLiVkGoZxJQbW2ZFE/

Targets

    • Target

      mv Afina I Vsl's Desc.exe

    • Size

      778KB

    • MD5

      9e02b91e94d45385141412e3c90608b2

    • SHA1

      24af9bb2e1b7bac04a1ebb48f431bc8ec4d5bb4f

    • SHA256

      183c71d2749893b3018f8d521712a58c6b3efd449a5ecbbbb12df1da69e0f7f6

    • SHA512

      d9c6a424bd8ed393e8f23224f054766de2e8aa97741551e4eaf9fcbf5cb8939d52c8b1be5e38891170ddeace6b6dc740aea9973782b799e5f3d39e89faad3e88

    • SSDEEP

      12288:mm5QyiEHaZz20Bi2NKZes2Pjls2LQP+mjp2mcN0w:mryv694UsEmjL

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks