General

  • Target

    d4457b001ae6dec20cc5748290d9409751e4e1232fb4dbcf4c9612bb7883ef48

  • Size

    644KB

  • Sample

    240424-ch78dseb2z

  • MD5

    c2f4733fb9ba1df18b2beea15fd0b26d

  • SHA1

    e9c3d0d0ced40d9138757d701d4fa89cc32687e1

  • SHA256

    d4457b001ae6dec20cc5748290d9409751e4e1232fb4dbcf4c9612bb7883ef48

  • SHA512

    6db58d650a7183a248fdff0bb5e67d4b188e7c57d5b1fafcda58f9a49fa2272a5d98e1e25d2fd8ba3fc11d1c3b0cc12d854877e53d81c4aa10a38418f2530fdd

  • SSDEEP

    12288:AmNZRAjjvsTw4XrgKxoqd7OIW7iN6l0BR2kNUrBOvWTB4dd:/lM54XrgKrIImhluRoY+yd

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      d4457b001ae6dec20cc5748290d9409751e4e1232fb4dbcf4c9612bb7883ef48

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP address.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks