Overview

overview

10

Static

static

5

SH097858U8...__.exe

windows7-x64

10

SH097858U8...__.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    c0461dbb9fc20dac633e2a8050a0405eff3920bdf95ea435ec0f132be71791da.zip

  • Size

    666KB

  • Sample

    240312-dmtfgage99

  • MD5

    231e981d44abdb8591fb373215dca0b9

  • SHA1

    8afa22842215ca2521ab82eab897b8ae8ca1febf

  • SHA256

    c0461dbb9fc20dac633e2a8050a0405eff3920bdf95ea435ec0f132be71791da

  • SHA512

    02c8f97862cbf54d2dd925e366a54d1d5ae3cf6c9f0370f34a87aad1686c9825966ad6f14d22caa9ba23461d6f20b38e95ed1270358e7415c5b896f9c69039ec

  • SSDEEP

    12288:oK834BSRUV2jtW7Nxzi7hAcmgVTg3kkhEEFegYnqO9rgD20XMopIg2450J2w0OB:U34Bxe4NM9JO3kkhJFegYnxlgD2rmVax

Score
10/10
agentteslacollectionkeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      SH097858U8900_589065U99_________.bat

    • Size

      1.2MB

    • MD5

      c62737b46e1574b9e6a39071d50e2799

    • SHA1

      714b774cb38a3eff1ca523faca4f1317c79549c4

    • SHA256

      56fe767b8cff3d3f7af8fd5c0b5460ac1e6632de9735d209b89c310336fe35a6

    • SHA512

      b0ce84d39ef90684d706d8cfd13a46ff5233a689382e48a0addd3ab9aaa1b7c689a3ecaed136678a325c42130a785e805b25a043a19151b4ea6b1e99b3b8af4a

    • SSDEEP

      24576:MAHnh+eWsN3skA4RV1Hom2KXMmHab0stsml2qnC5:rh+ZkldoPK8Yab0IkB

    Score
    10/10
    agentteslacollectionkeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Detect packed .NET executables. Mostly AgentTeslaV4.

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks