General

  • Target

    Dispatch Details.exe

  • Size

    666KB

  • Sample

    240212-kepwmsgh3w

  • MD5

    311d25fbd99f007e030d5e0ee174f73c

  • SHA1

    b055ceb16c9a6eb74875f47b3746851e8ecccedd

  • SHA256

    6b8bddabcfb3f12258d513da1d26230a9ca39b3d1796afd63fa32cb9d29594db

  • SHA512

    b26231ca787e0a5875c6c61b054205d94aeac47e2054448b890e76dc99bb7c3b77e7e8a630af0ebef5684985dda47f41c605531bc0eba81b181d1efcf64c3af4

  • SSDEEP

    12288:IxEd6x+J3cYI8CLWk+lyKt/0/iTwactW75AT2645dQgv28bt2m+T4Y4nq8syWxF:IxcGOIxWknC0/5olxKx8MmrI

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      Dispatch Details.exe

    • AgentTesla

      Agent Tesla is a .NET-based information stealer and remote access tool (RAT) that captures credentials, keystrokes and clipboard contents from the infected host and exfiltrates them to an attacker-controlled endpoint.

    • Checks computer location settings

      Reads the country code (GeoID) configured under HKCU\Control Panel\International\Geo in the registry, most likely to geofence execution to or away from particular regions.

    • Looks up external IP address via web service

      Queries a legitimate public IP-lookup web service to learn the infected host's external IP address; the address is typically reported back alongside the stolen data.

    • Suspicious use of SetThreadContext

      SetThreadContext is called on a thread belonging to another process. Together with a child started with CREATE_SUSPENDED and WriteProcessMemory into it, this is the process-hollowing step that redirects the suspended process's entry point to injected code before ResumeThread.
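The three behavioural signatures above (registry geo check, external-IP lookup, cross-process SetThreadContext) can be re-derived from a sandbox's API-call log. The following is an added example written for this page, not Triage's own rule format or output: the event shape, the API names, the list of IP-lookup hosts and the constructed event stream are all assumptions for illustration. It also goes one step beyond the report by correlating SetThreadContext with a preceding CREATE_SUSPENDED child to flag likely process hollowing.

```python
"""Re-derive this report's behavioural signatures from a constructed
sandbox API-call stream.  Event shape, API names, host list and the
sample events are assumptions for illustration (not Triage's format)."""
from dataclasses import dataclass, field
from typing import Dict, List

# Illustrative public "what is my IP" services; extend for your environment.
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "checkip.dyndns.org", "ip-api.com", "icanhazip.com",
}
# Registry value holding the configured country (GeoID), read by geofenced malware.
GEO_NATION_KEY = r"HKCU\Control Panel\International\Geo\Nation"
CREATE_SUSPENDED = 0x4  # CreateProcess creation flag


@dataclass
class Event:
    api: str                                   # e.g. RegQueryValueEx, SetThreadContext
    pid: int                                   # process issuing the call
    args: Dict[str, object] = field(default_factory=dict)


def match_signatures(events: List[Event]) -> Dict[str, List[int]]:
    """Return {signature_name: [pids that triggered it]} in first-seen order."""
    hits: Dict[str, List[int]] = {}
    suspended_children: Dict[int, int] = {}   # child pid -> parent pid

    def add(name: str, pid: int) -> None:
        pids = hits.setdefault(name, [])
        if pid not in pids:
            pids.append(pid)

    for ev in events:
        if ev.api == "RegQueryValueEx":
            if str(ev.args.get("key", "")).lower() == GEO_NATION_KEY.lower():
                add("checks_computer_location_settings", ev.pid)
        elif ev.api in ("HttpSendRequest", "WinHttpSendRequest"):
            if str(ev.args.get("host", "")).lower() in IP_LOOKUP_HOSTS:
                add("looks_up_external_ip", ev.pid)
        elif ev.api == "CreateProcess":
            # A suspended child is the classic first step of process hollowing.
            if int(ev.args.get("flags", 0)) & CREATE_SUSPENDED:
                suspended_children[int(ev.args["child_pid"])] = ev.pid
        elif ev.api == "SetThreadContext":
            target = int(ev.args.get("target_pid", ev.pid))
            # Rewriting a thread context in ANOTHER process is the suspicious case;
            # a process touching its own threads (debuggers, SEH) is left alone.
            if target != ev.pid:
                add("suspicious_use_of_SetThreadContext", ev.pid)
                if suspended_children.get(target) == ev.pid:
                    add("possible_process_hollowing", ev.pid)
    return hits


# Constructed event stream shaped like this sample's run (pids/images invented).
SAMPLE_EVENTS = [
    Event("RegQueryValueEx", 1200, {"key": r"HKCU\Control Panel\International\Geo\Nation"}),
    Event("HttpSendRequest", 1200, {"host": "api.ipify.org", "path": "/"}),
    Event("CreateProcess", 1200, {"image": "host_process.exe",
                                  "flags": CREATE_SUSPENDED, "child_pid": 1344}),
    Event("WriteProcessMemory", 1200, {"target_pid": 1344}),
    Event("SetThreadContext", 1200, {"target_pid": 1344}),
    Event("ResumeThread", 1200, {"target_pid": 1344}),
    Event("SetThreadContext", 1344, {"target_pid": 1344}),  # self-context: benign
]

if __name__ == "__main__":
    for name, pids in match_signatures(SAMPLE_EVENTS).items():
        print(f"{name}: pids {pids}")
```

The hollowing correlation is intentionally conservative: it only fires when the same parent that created the suspended child later rewrites that child's thread context, so a debugger attaching to a process it did not spawn is not flagged.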

MITRE ATT&CK Enterprise v15

Tasks