General

  • Target

    7e6b0abf06d4060bb722a3d7d4f06f8821f83ab32995ff39ca673449a951f6e9.exe

  • Size

    1024KB

  • Sample

    240522-cac3aage82

  • MD5

    a55346fa83c52c493449dda9edd8ec25

  • SHA1

    5352b64fa109dea372f68412c0b2d0b2096371db

  • SHA256

    7e6b0abf06d4060bb722a3d7d4f06f8821f83ab32995ff39ca673449a951f6e9

  • SHA512

    fd20b06326b1172dbef6786d45f52c7186d1c32038c6931ee8d47691f017808f5800fb1cc010db7261f15f6e0cc26300fc3a0a351d82219e412c8d9c6063bbf9

  • SSDEEP

    24576:0AHnh+eWsN3skA4RV1Hom2KXMmHasgwqspfLb+GrBC5:Dh+ZkldoPK8Yas/XDv6

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://ftp.corpsa.net
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    -E~O8rekW5UT

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Detect packed .NET executables. Mostly AgentTeslaV4.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks