General

  • Target

    Order 00958867.zip

  • Size

    592KB

  • Sample

    240424-q9qdjsbb7x

  • MD5

    487b6c00168691d9298f61dbc2af8a6c

  • SHA1

    743a7ede3d69aad1f7c6636e06bcd928ab4b1a5e

  • SHA256

    c9690c685db15bbd40081c1e8f77ef2da09c56e7c4667f13fcbfa05a2b416abd

  • SHA512

    f43562e813af5a229383e744fe99aa9b34c9ccc172bb47e5fc2fef1445f2e504c890869f1c1b97f6e7e3f786832def0ffeb1ae6425e66629f5474010354c5a92

  • SSDEEP

    12288:oObT/zcJZnqsRzcp1wq3RO6N5IJWA5AuaLBXb4z/:os/cHU1ThuJcuqBM/
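The digests above identify two objects: the archive and the executable it carries (listed under Targets). To check a suspect file against them, recompute the same digests in one pass and, when the file is a zip, hash every member as well, since the archive hash alone changes with any repackaging while the inner executable's hash may not. The following is an added example, not tooling from the sandbox that produced this report; the IOC table copies the MD5/SHA1/SHA256 values printed on this page, and the 50 MB member cap is an assumed safety limit against decompression bombs.

```python
"""Hash a file (and, for zip archives, each member) and match the digests
against the indicators from the report. Added example, not sandbox code."""
import hashlib
import io
import zipfile

# Indicators copied from the report: the archive and the executable inside it.
IOCS = {
    "Order 00958867.zip": {
        "md5": "487b6c00168691d9298f61dbc2af8a6c",
        "sha1": "743a7ede3d69aad1f7c6636e06bcd928ab4b1a5e",
        "sha256": "c9690c685db15bbd40081c1e8f77ef2da09c56e7c4667f13fcbfa05a2b416abd",
    },
    "Order 00958867.exe": {
        "md5": "3c0c2eecbe5928812b19a173aa664273",
        "sha1": "1a8d159220bc28bea1713bfbfae6f70a03681a75",
        "sha256": "a1fab4b8e0b4624d3da9a0b89ac2f3c4ad564ff921e5ee4cff567fc986da48cb",
    },
}

MAX_MEMBER_BYTES = 50 << 20  # assumed cap: skip archive members larger than this


def digests(stream, chunk_size=1 << 16):
    """Return md5/sha1/sha256/sha512 hex digests of a binary stream in one pass."""
    hashers = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256", "sha512")}
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_iocs(found, iocs=IOCS):
    """Names of IOC entries whose md5, sha1 or sha256 equals a computed digest."""
    return sorted(
        name for name, known in iocs.items()
        if any(found[algo] == known[algo] for algo in ("md5", "sha1", "sha256"))
    )


def scan(data: bytes, label="input"):
    """Hash the blob and, if it is a zip archive, every regular member inside it.

    Returns {object_name: digests}; members are named "<label>!<member path>".
    """
    results = {label: digests(io.BytesIO(data))}
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir() or info.file_size > MAX_MEMBER_BYTES:
                    continue
                with zf.open(info) as member:  # streamed, never fully in memory
                    results[f"{label}!{info.filename}"] = digests(member)
    return results


def report(data: bytes, label="input"):
    """Map every hashed object to the IOC names it matches (empty list = no match)."""
    return {name: match_iocs(d) for name, d in scan(data, label).items()}


if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else "Order 00958867.zip"
    with open(path, "rb") as fh:
        for obj, hits in report(fh.read(), path).items():
            print(f"{obj}: {'MATCH ' + ', '.join(hits) if hits else 'no match'}")
```

Run it against the downloaded archive to see both the container and the extracted `Order 00958867.exe` reported; SSDEEP is left out because it needs the `ssdeep` extension and a similarity threshold rather than equality.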

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      Order 00958867.exe

    • Size

      1015KB

    • MD5

      3c0c2eecbe5928812b19a173aa664273

    • SHA1

      1a8d159220bc28bea1713bfbfae6f70a03681a75

    • SHA256

      a1fab4b8e0b4624d3da9a0b89ac2f3c4ad564ff921e5ee4cff567fc986da48cb

    • SHA512

      64c4075005ade33d769f076ee14a9b77d92eeb32b31fb0d37c57fffe83c23ddc343a6a4b9ee63d48d8b25c8378436c2cf299503efb6f450a48d33cfe6bf04f84

    • SSDEEP

      24576:aAHnh+eWsN3skA4RV1Hom2KXMmHajVWuOBc0gX5:th+ZkldoPK8YajYc0c

    • AgentTesla

      Agent Tesla is a .NET (Visual Basic .NET / C#) remote access tool (RAT) and information stealer: it logs keystrokes and clipboard contents, harvests saved browser, mail and FTP client credentials, and exfiltrates them over SMTP, FTP or HTTP, with the exfiltration settings embedded in the binary (the "Extracted" config above).

    • Looks up external IP address via web service

      The sample queries a public IP-lookup web service to learn the infected host's external address, which Agent Tesla adds to the victim profile it sends home. The request looks like ordinary browsing, so the useful signal is which process made it: the dropped executable, not a browser.

    • Suspicious use of SetThreadContext

      SetThreadContext called on a thread of another process is the last step of process hollowing (RunPE): the loader starts a legitimate process suspended, overwrites its image with the payload, points the main thread at the new entry point and resumes it. Agent Tesla loaders commonly use this to run the stealer inside a trusted-looking process.
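One way to turn the IP-lookup behaviour above into a detection is to scan egress logs for requests to public "what is my IP" endpoints and attribute them to the client. The code below is an added example, not part of the report; the log lines are constructed in a squid-like format, and the host list is an assumed set of well-known lookup services (the report does not say which one this sample contacted).

```python
"""Flag requests to public IP-lookup services in proxy logs.
Added example with constructed input, not part of the sandbox report."""
import re
from urllib.parse import urlsplit

# Assumed list of public IP-lookup endpoints; extend it from your own telemetry.
IP_LOOKUP_HOSTS = frozenset({
    "api.ipify.org", "checkip.dyndns.org", "icanhazip.com", "ifconfig.me",
    "ip-api.com", "ipinfo.io", "checkip.amazonaws.com",
})

# Constructed proxy log: <unix ts> <client ip> <method> <url or host:port> <status>
SAMPLE_LOG = """\
1713950100.001 10.0.0.5 GET http://checkip.dyndns.org/ 200
1713950101.532 10.0.0.5 GET https://www.bing.com/ 200
1713950102.812 10.0.0.7 GET http://api.ipify.org/?format=text 200
1713950103.020 10.0.0.5 CONNECT mail.example.com:587 200
1713950104.404 10.0.0.9 GET http://ipinfo.io.evil.test/ 200
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+(?P<target>\S+)\s+(?P<status>\d{3})$"
)


def host_of(target: str) -> str:
    """Extract the destination host from a URL or a CONNECT host:port target."""
    if "://" in target:
        return (urlsplit(target).hostname or "").lower()
    return target.rsplit(":", 1)[0].strip("[]").lower()


def is_ip_lookup_host(host: str, hosts=IP_LOOKUP_HOSTS) -> bool:
    """Exact match or a subdomain of a listed service (not a look-alike domain)."""
    return host in hosts or any(host.endswith("." + h) for h in hosts)


def find_ip_lookups(log_text: str, hosts=IP_LOOKUP_HOSTS):
    """Return (timestamp, client, host) for each request to an IP-lookup service."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed line; count these separately in production
        host = host_of(m["target"])
        if is_ip_lookup_host(host, hosts):
            hits.append((m["ts"], m["client"], host))
    return hits


def clients_by_lookup_count(log_text: str, hosts=IP_LOOKUP_HOSTS):
    """Per-client counts, useful for prioritising which host to pull process telemetry from."""
    counts = {}
    for _, client, _ in find_ip_lookups(log_text, hosts):
        counts[client] = counts.get(client, 0) + 1
    return counts


if __name__ == "__main__":
    for ts, client, host in find_ip_lookups(SAMPLE_LOG):
        print(f"{ts} {client} -> {host}")
```

A single lookup is low-fidelity on its own (legitimate software does it too); pair the hit with process-creation telemetry on the client to confirm the requesting image is the dropped executable rather than a browser or updater. Note that `ipinfo.io.evil.test` is deliberately not matched: suffix checks must anchor on a dot-separated label boundary.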

MITRE ATT&CK Matrix

Tasks