General

  • Target

    fd62e09831ebcfa6b2fa8da868a3e6da9eac62580a7516633a8490bb6f7ea29f.zip

  • Size

    600KB

  • Sample

    240326-q5p7zsbf32

  • MD5

    d9608fa1b9b8f21f6d8eb3a8df548ca4

  • SHA1

    3f43ab87492586fb02d946313258a7dfcf7c3633

  • SHA256

    0ca1f4675b19e6709de68df24372b88c6f7322a6d2c25b4fd61bb7670e34b84d

  • SHA512

    6049371f4f579cec7beca19a2412e08b7a1fa5b68d422b074394be44ac970f582b2ac1d63067f61f946fb0ca32f0fc0ca6d716535ff77e436576b7e5049233cf

  • SSDEEP

    12288:MBJJjQZ8JuenoBdBbmB1XrDHIlbn4CUoEsfVbhpl5aJIFD:e/gEoBdG1XrL+bn4ifVbu6FD

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      fd62e09831ebcfa6b2fa8da868a3e6da9eac62580a7516633a8490bb6f7ea29f.zip

    • Size

      600KB

    • MD5

      d9608fa1b9b8f21f6d8eb3a8df548ca4

    • SHA1

      3f43ab87492586fb02d946313258a7dfcf7c3633

    • SHA256

      0ca1f4675b19e6709de68df24372b88c6f7322a6d2c25b4fd61bb7670e34b84d

    • SHA512

      6049371f4f579cec7beca19a2412e08b7a1fa5b68d422b074394be44ac970f582b2ac1d63067f61f946fb0ca32f0fc0ca6d716535ff77e436576b7e5049233cf

    • SSDEEP

      12288:MBJJjQZ8JuenoBdBbmB1XrDHIlbn4CUoEsfVbhpl5aJIFD:e/gEoBdG1XrL+bn4ifVbu6FD

    Score
    1/10
    • Target

      fd62e09831ebcfa6b2fa8da868a3e6da9eac62580a7516633a8490bb6f7ea29f.exe

    • Size

      613KB

    • MD5

      fca326ddaec93f996764280283e13ff6

    • SHA1

      c1fd93944936ca86099bc20365295c96be975842

    • SHA256

      fd62e09831ebcfa6b2fa8da868a3e6da9eac62580a7516633a8490bb6f7ea29f

    • SHA512

      faa66593aed94623e8335c3b8293e953464ddf29595f6d6f02a787d5f9e52a1110ac0cfe41460af7bd6c48d1c5f202553d7ab22b83f1cc4b3ca5dccf37a00bc4

    • SSDEEP

      12288:j5Fa5WOk38It4CQbEamjIqEAQrGI/P5Bch/wpbg2iQ7Kx0Jxn/:jVazzbEamMqEbvhBch8P7Gx0z

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v13)

Execution

  • Scheduled Task/Job (T1053): 1

Persistence

  • Boot or Logon Autostart Execution (T1547): 1
  • Registry Run Keys / Startup Folder (T1547.001): 1
  • Scheduled Task/Job (T1053): 1

Privilege Escalation

  • Boot or Logon Autostart Execution (T1547): 1
  • Registry Run Keys / Startup Folder (T1547.001): 1
  • Scheduled Task/Job (T1053): 1

Defense Evasion

  • Modify Registry (T1112): 1

Discovery

  • Query Registry (T1012): 1
  • System Information Discovery (T1082): 2

Tasks