General

  • Target

    96ef2ca9b0ceef113909206d1fb2c78192f4ec70193f3eafc72c7f68151b9cc1

  • Size

    692KB

  • Sample

    240329-btyyesdh4y

  • MD5

    e54904d91a2918e4b70f772670f62cba

  • SHA1

    5747950cf7ab78aa46fed9fb7e07f0d1c5be37b9

  • SHA256

    96ef2ca9b0ceef113909206d1fb2c78192f4ec70193f3eafc72c7f68151b9cc1

  • SHA512

    9070a495ea40eb54e6249e1dbe9e58932459e5204fca660469ab2376276f92cb010ae4eeedd353e13837d460c918343086ce066faab839db85bbdc54dd79bf21

  • SSDEEP

    12288:y/tE0YOwqOpzcLxF78R89E8+5z5iy/S1FXcGMQcPJFyBSAMn63LnnFXM8Z2VB/n:1O7jLxd8j8u5Xq1FPdcPJYBSAMn4FXMT
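To confirm whether a file on disk is this sample, the four cryptographic hashes above can be computed in a single pass over the file and compared against the report. This is an added example, not tooling from the report or from the sandbox that produced it; it assumes only the Python standard library (hashlib), so the SSDEEP fuzzy hash is left out, and the IOC_HASHES table is copied from the General section above.

```python
"""Check a file on disk against the hashes listed in the report.

Added example (not part of the report or of the sandbox's own tooling).
Only hashlib is used; SSDEEP is omitted because fuzzy hashing needs the
non-standard ssdeep module.
"""
import hashlib

# Indicators copied from the "General" section of the report
IOC_HASHES = {
    "md5": "e54904d91a2918e4b70f772670f62cba",
    "sha1": "5747950cf7ab78aa46fed9fb7e07f0d1c5be37b9",
    "sha256": "96ef2ca9b0ceef113909206d1fb2c78192f4ec70193f3eafc72c7f68151b9cc1",
    "sha512": "9070a495ea40eb54e6249e1dbe9e58932459e5204fca660469ab2376276f92cb"
              "010ae4eeedd353e13837d460c918343086ce066faab839db85bbdc54dd79bf21",
}


def multi_hash(path, algorithms=("md5", "sha1", "sha256", "sha512"), chunk_size=1 << 20):
    """Return {"size": int, "md5": hex, ...}, reading the file exactly once.

    Feeding every digest from the same chunk loop matters for large samples:
    hashing 692KB four times is cheap, hashing a multi-GB memory dump is not.
    """
    digests = {name: hashlib.new(name) for name in algorithms}
    size = 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            size += len(chunk)
            for digest in digests.values():
                digest.update(chunk)
    result = {name: digest.hexdigest() for name, digest in digests.items()}
    result["size"] = size
    return result


def match_iocs(path, iocs=IOC_HASHES):
    """Return the algorithms whose digest of `path` equals the listed IOC.

    An empty list means "not this sample". A partial list (say md5 only)
    means the IOC table itself is inconsistent and should not be trusted,
    which is exactly the case a copy-and-paste error in a report produces.
    """
    computed = multi_hash(path, algorithms=tuple(iocs))
    return [name for name, value in iocs.items() if computed[name] == value.lower()]


if __name__ == "__main__":
    import sys
    for arg in sys.argv[1:]:
        hits = match_iocs(arg)
        print(f"{arg}: {'MATCH ' + ','.join(hits) if hits else 'no match'}")
```

Run it as `python check_hashes.py suspect.exe`; a file that matches on all four algorithms is the sample in this report, and anything that matches on fewer than four deserves a second look at the report rather than at the file.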

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    us2.smtp.mailhostbox.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    hWTSuxL9
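The extracted credentials are the sample's exfiltration channel: outbound SMTP to us2.smtp.mailhostbox.com on 587, the mail submission port. One way to hunt for it in network telemetry, as an added example that is not part of the report: the Python below correlates Zeek-style dns.log and conn.log records so that a DNS lookup of the host seeds a set of resolved IPs, and only SMTP sessions to those IPs on the configured port are flagged, instead of alerting on every port-587 connection on the network. The log lines, the internal hosts 10.0.0.x and the resolved address 203.0.113.10 are constructed for this example; the username is not used as an indicator because it is elided on the page, and the password is never a useful network indicator.

```python
"""Hunt for the extracted SMTP exfiltration channel in Zeek-style JSON logs.

Added example, not part of the report. The log records below are
constructed for the example (they are not from the sandbox run); field
names follow Zeek's dns.log and conn.log. Only the host and port from the
extracted config are used as indicators.
"""
import json

# Indicators taken from the extracted config
EXFIL_HOST = "us2.smtp.mailhostbox.com"
EXFIL_PORT = 587

# Constructed sample logs (Zeek JSON, one record per line). 10.0.0.5 is an
# assumed infected host; 203.0.113.10 is a documentation-range address
# standing in for whatever the mail host resolves to at hunt time.
SAMPLE_LOGS = """\
{"_path":"dns","ts":1711700000.1,"uid":"Cdns1","id.orig_h":"10.0.0.5","query":"us2.smtp.mailhostbox.com","answers":["203.0.113.10"]}
{"_path":"conn","ts":1711700000.4,"uid":"Cconn1","id.orig_h":"10.0.0.5","id.resp_h":"203.0.113.10","id.resp_p":587,"proto":"tcp","service":"smtp"}
{"_path":"smtp","ts":1711700000.6,"uid":"Cconn1","id.orig_h":"10.0.0.5","id.resp_h":"203.0.113.10","tls":true}
{"_path":"conn","ts":1711700100.0,"uid":"Cconn2","id.orig_h":"10.0.0.7","id.resp_h":"198.51.100.20","id.resp_p":587,"proto":"tcp","service":"smtp"}
{"_path":"dns","ts":1711700200.0,"uid":"Cdns2","id.orig_h":"10.0.0.9","query":"www.example.com","answers":["93.184.216.34"]}
"""


def hunt(lines, host=EXFIL_HOST, port=EXFIL_PORT):
    """Return a list of (uid, orig_h, reason) hits.

    Two-stage logic: a DNS query for the exfil host is a hit on its own and
    also records the answers as resolved IPs; a later conn record to one of
    those IPs on the configured port is then a hit too. Port-587 sessions to
    other mail servers (Cconn2 above) are deliberately not flagged, since a
    legitimate mail client produces the same conn record.
    """
    resolved = set()
    hits = []
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        rec = json.loads(raw)
        path = rec.get("_path")
        if path == "dns" and rec.get("query", "").lower() == host:
            resolved.update(rec.get("answers", []))
            hits.append((rec["uid"], rec["id.orig_h"], f"dns lookup of {host}"))
        elif (path == "conn" and rec.get("id.resp_p") == port
              and rec.get("id.resp_h") in resolved):
            hits.append((rec["uid"], rec["id.orig_h"],
                         f"smtp session to {rec['id.resp_h']}:{port} ({host})"))
    return hits


def infected_hosts(lines):
    """Source hosts with at least one hit: the list to pull for triage."""
    return {orig for _, orig, _ in hunt(lines)}


if __name__ == "__main__":
    for uid, orig, why in hunt(SAMPLE_LOGS.splitlines()):
        print(f"{uid}\t{orig}\t{why}")
```

Records must be fed in timestamp order (the order Zeek writes them) so the DNS answer is seen before the connection it explains; on a real deployment the resolved set should also be seeded from a passive-DNS lookup of the host, since the infected machine may have cached the answer before logging began.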

Extracted

Family

agenttesla

Targets

    • Target

      96ef2ca9b0ceef113909206d1fb2c78192f4ec70193f3eafc72c7f68151b9cc1

    • Size

      692KB

    • MD5

      e54904d91a2918e4b70f772670f62cba

    • SHA1

      5747950cf7ab78aa46fed9fb7e07f0d1c5be37b9

    • SHA256

      96ef2ca9b0ceef113909206d1fb2c78192f4ec70193f3eafc72c7f68151b9cc1

    • SHA512

      9070a495ea40eb54e6249e1dbe9e58932459e5204fca660469ab2376276f92cb010ae4eeedd353e13837d460c918343086ce066faab839db85bbdc54dd79bf21

    • SSDEEP

      12288:y/tE0YOwqOpzcLxF78R89E8+5z5iy/S1FXcGMQcPJFyBSAMn63LnnFXM8Z2VB/n:1O7jLxd8j8u5Xq1FPdcPJYBSAMn4FXMT

    • AgentTesla

      Agent Tesla is a .NET-based information stealer and remote access tool (RAT); the SMTP credentials in the extracted config above are its exfiltration channel.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Suspicious use of SetThreadContext

      Typically seen in process hollowing, where the main thread of a suspended process is redirected to injected code before it is resumed.

MITRE ATT&CK Matrix (ATT&CK v13)

  • Execution

    Scheduled Task/Job (T1053): 1 match

  • Persistence

    Scheduled Task/Job (T1053): 1 match

  • Privilege Escalation

    Scheduled Task/Job (T1053): 1 match

  • Discovery

    Query Registry (T1012): 1 match

    System Information Discovery (T1082): 2 matches

Tasks