Overview

overview

10

Static

static

3

doc023561861500.exe

windows7-x64

10

doc023561861500.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    21052024_1433_21052024_doc023561861500.img

  • Size

    1.2MB

  • Sample

    240521-rxddwshc38

  • MD5

    a46c918a799bb06748917207fbf764c6

  • SHA1

    5936531292651a4e8105a6de9c224223e3e946a4

  • SHA256

    6dddaa0706cbc843659594b28a5da0ef1664331ad611c42010b991d24b67b6bd

  • SHA512

    77aeb1127f7278dc03fb69168023caea2764636ed15545f6c6b51516a428a929c851d8f224e01d89789cd03eda1ee8b69767f60be3e3299403db0d9e74d4ffe5

  • SSDEEP

    12288:s12/OjGeEWONK/heRoZKWtC3+wM3KFp6G/3iM4V:d/2GeEWON4hvKJ3+wKKF/G

Score
10/10
agentteslaexecutionkeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      doc023561861500.bat

    • Size

      527KB

    • MD5

      fbdfc962880dc6723d12e0a37f609452

    • SHA1

      99952710f767d51a28c89c0c9ccd0a209796135e

    • SHA256

      3dad11bcdd07ce0d3431ff24364eddac1e4dec7b72f806ed1c6cff7d876524a1

    • SHA512

      aeec86ae64debe692c2fae8444bccee848c1121f4c6e9f5beb51feee325bce6125a2fbe76df767c29499c95974c5cb8d5a0007b54b1fce07e01b8b076128d82e

    • SSDEEP

      12288:Q12/OjGeEWONK/heRoZKWtC3+wM3KFp6G/3iM4VV:5/2GeEWON4hvKJ3+wKKF/GV

    Score
    10/10
    agentteslaexecutionkeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks