General

  • Target

    54cd3b5bad032d15ed2b61e5aa40128d0fc5fc2d9e84b0fc588fdb440bae3fd3

  • Size

    118KB

  • Sample

    240416-ck5kaaeh38

  • MD5

    9ab2587c9b7f0083edb6ef8e9a3f4bd1

  • SHA1

    5834bbf71c4464adf7c79fc0abbbadec42277b89

  • SHA256

    54cd3b5bad032d15ed2b61e5aa40128d0fc5fc2d9e84b0fc588fdb440bae3fd3

  • SHA512

    4907c4beeb54579c8aea27485b0bf1766f1d4a3f490231f177108a4e89f1b33072cdeefde6e4f92ca1801dc798ff8c54dd832ef97662c3c64f86b31a84251ce2

  • SSDEEP

    3072:FgRyFgtnvPSQxIIrNTUfEP+9HRAaMagfSv8+nS:FUPcIrmfEG9xA9qvRn

Malware Config

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla payload

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix (ATT&CK v13)

Defense Evasion

    • Subvert Trust Controls (T1553): 1

    • Install Root Certificate (T1553.004): 1

    • Modify Registry (T1112): 1

Discovery

    • Query Registry (T1012): 2

    • System Information Discovery (T1082): 3

    • Remote System Discovery (T1018): 1

Tasks