General

  • Target: 897d8cdd092ed26be93e6cd9b384da90128f98d5b80e21ee95ca95ba5ce40f17
  • Size: 819KB
  • Sample: 240427-b8kpcahd91
  • MD5: b3357f4dfe7dbe081d64e8a95bcac220
  • SHA1: 581795553739ed6c2bfa8f73c1c361c75f163dd6
  • SHA256: 897d8cdd092ed26be93e6cd9b384da90128f98d5b80e21ee95ca95ba5ce40f17
  • SHA512: f3e2eb82e0b5586d1d112ca0f632b33562411cc2804c9e1ffb153cf6c51fc0556d34184a99cd8ffd640bf65bc4c723e148878d5aea1f090a15860848410f6b33
  • SSDEEP: 12288:1lqnHvjNIrpf9rN/mc/Ckm85fy1kOPJ1/Sp2oW0xj/R8+AU0YMa13nlZv:1wPjKr5BNDhm8561Op1W0t/RxAUlMGZ

Malware Config

Extracted

  • Family: agenttesla
  • C2: https://api.telegram.org/bot6966006943:AAFt2O0O-c3D4lGLDjurHIrImKjoPwoQE2c/

Targets

    • Target: 897d8cdd092ed26be93e6cd9b384da90128f98d5b80e21ee95ca95ba5ce40f17


    • AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
    • Checks computer location settings: looks up the country code configured in the registry, likely for geofencing.
    • Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic                Technique                      Count  ID
  Execution             Scheduled Task/Job             1      T1053
  Persistence           Scheduled Task/Job             1      T1053
  Privilege Escalation  Scheduled Task/Job             1      T1053
  Discovery             Query Registry                 1      T1012
  Discovery             System Information Discovery   2      T1082
