Overview

overview

10

Static

static

5

e3e2106835...9d.exe

windows7-x64

10

e3e2106835...9d.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e3e2106835618398ef240b9e3e84026a0019bafda4464f3150756d42c5374f9d.exe

  • Size

    1.0MB

  • Sample

    240425-cjw7hsdd42

  • MD5

    111af05dd1407b81db746b75b32e8b92

  • SHA1

    5fd001e0d0d86e5ee6d19e388bef20d31865f45d

  • SHA256

    e3e2106835618398ef240b9e3e84026a0019bafda4464f3150756d42c5374f9d

  • SHA512

    bf37a0b838474210df8cecf22d6462e848eb91fda5777aab0ec6b03b5286a52e487b69c2a737883372b13a523bb87ef9a91ab25946028a19f6022e2bddc733a9

  • SSDEEP

    24576:AAHnh+eWsN3skA4RV1Hom2KXMmHaJJMUyY1WXbVTZD5:3h+ZkldoPK8YaJJgXbR

Score
10/10
agentteslacollectionkeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      e3e2106835618398ef240b9e3e84026a0019bafda4464f3150756d42c5374f9d.exe

    • Size

      1.0MB

    • MD5

      111af05dd1407b81db746b75b32e8b92

    • SHA1

      5fd001e0d0d86e5ee6d19e388bef20d31865f45d

    • SHA256

      e3e2106835618398ef240b9e3e84026a0019bafda4464f3150756d42c5374f9d

    • SHA512

      bf37a0b838474210df8cecf22d6462e848eb91fda5777aab0ec6b03b5286a52e487b69c2a737883372b13a523bb87ef9a91ab25946028a19f6022e2bddc733a9

    • SSDEEP

      24576:AAHnh+eWsN3skA4RV1Hom2KXMmHaJJMUyY1WXbVTZD5:3h+ZkldoPK8YaJJgXbR

    Score
    10/10
    agentteslacollectionkeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Detect packed .NET executables. Mostly AgentTeslaV4.

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks