General

  • Target

    aa42e8496ced596dfc972f148bb41a5f31e344921c875ce83a4e449dcf3974bf.bat

  • Size

    7KB

  • Sample

    240425-t5em2acg49

  • MD5

    9eb9ec107cbbbb33b41d9df263eb0547

  • SHA1

    9f4098053112c864b75d3d22a647a63fbcb00db5

  • SHA256

    aa42e8496ced596dfc972f148bb41a5f31e344921c875ce83a4e449dcf3974bf

  • SHA512

    361706ca0f0af6c28e29c82fa2db3a33cda075f7fa2220a0f32a0e080bd8a2cc424aa77e9ca73667ecd696858ba974d1172e153d7e018e0107fe3c1b18c4c127

  • SSDEEP

    192:KjYxSFV4/jJSi0JJ1e816YEz/QoTE1onTUDaBo3NNTDYGS5n:KjKSF6/jJ3wR6Y8QoTE16I+Bo3NtDTu

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Blocklisted process makes network request

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext
