General

  • Target

    b7d6be7080c9caeb2ebea8764f9804f0fb8cb7185d67b5fcf8f4c7dbe0d8067b

  • Size

    971KB

  • Sample

    240214-b8dk2afc44

  • MD5

    6e34450e0165fc144918a1b1c864903b

  • SHA1

    89573d3cea44d4fb9dc1724f6c33fbf4e3d8c85a

  • SHA256

    b7d6be7080c9caeb2ebea8764f9804f0fb8cb7185d67b5fcf8f4c7dbe0d8067b

  • SHA512

    a9ed0e246f6f1dec15e019f9d369907ef125225732d333da29c1f03e8c07b186d52f3f901a402efc68a43e58c2f39c685ad9a8a983b1ad6f972b5dff253b7237

  • SSDEEP

    12288:jhkDgouVA2nxKkorvdRgQriDwOIxmxiZnYQE7PJcE4ae9MxUwOCNSGK+KVFeKWwb:pRmJkcoQricOIQxiZY1iae+yDZGJSD/T

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIt Executable

      AutoIt scripts compiled to PE executables.

    • Suspicious use of SetThreadContext
