General

  • Target: 0b9b02462f2da1a90248f678558f6eb3002b1747dd90b1861dc748c8ca9e8b19
  • Size: 1.0MB
  • Sample: 240426-b9p1fsha9w
  • MD5: 84d54dc520dc326bc28707788baadc0b
  • SHA1: d89337fd80f2fc0f37da390e25c07478b34426c7
  • SHA256: 0b9b02462f2da1a90248f678558f6eb3002b1747dd90b1861dc748c8ca9e8b19
  • SHA512: 6e56843cac1ffd8ac5d4395287e8dc9be138c92ee7c4a1a4cb5e4bfcbcc848344d1bdb6145399126f69d9ee0867f5f3fe1e4f11b0328dc22eef299844e9353b1
  • SSDEEP: 24576:yAHnh+eWsN3skA4RV1Hom2KXMmHati3Gkg9o28+nXJz5:1h+ZkldoPK8YatUGp/BXL

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
    • Adds Run key to start application
    • Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks