Overview

overview

10

Static

static

5

Payment.exe

windows7-x64

10

Payment.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Payment.zip

  • Size

    615KB

  • Sample

    240426-j6p52sce3w

  • MD5

    c7af3e28d74961252fd0f91852be0604

  • SHA1

    b25b248d644c5703a88fd01cf89bf1fa80e4dc04

  • SHA256

    644644cc796d1f18d55a4eccdd95b99497c589e371665c5f2c5e8e782cbc4a22

  • SHA512

    3479dc5e7ffff894a1aaab77be32107848e2ad2d6638837af6927af31873ba757fd74332ec78139f0ee140875377a77213f803b8f456dbda79055748623e849b

  • SSDEEP

    12288:Wrl2iiRtIt4JmVUNZdNk4pa5nRRqgPAR5IsnVoWLhuKwHTbNbk9u7A:WRytuON/NkKSRRFA7Igo+hSTfA

Score
10/10
agentteslakeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      Payment.exe

    • Size

      1.0MB

    • MD5

      872fc876d25908a93236dcf98e09e3de

    • SHA1

      06da1381d9aaa978ace25c409a59c3d6560975c0

    • SHA256

      a6cd55461ca16e33b153c509417d91eec660cc6d447764c9a312a0ad871ca9c5

    • SHA512

      4f1750c69221ecea05d66a5eb92c2cf821fcc080c3593ac7a3874d7cc9fc8f2ce1d9263329f419cc43188dda09bdbdbb412a5c6bb370aec70a9830588b07d586

    • SSDEEP

      24576:0AHnh+eWsN3skA4RV1Hom2KXMmHaF+CoEFoTiy5:Dh+ZkldoPK8YaF+DH

    Score
    10/10
    agentteslakeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks