General

  • Target

    cce693672e91fa6a614729d0c1b9cdd96afa589ecd6c8156f5444f38b4edf213.exe

  • Size

    1017KB

  • Sample

    240522-cww3aahe7t

  • MD5

    300c66c99811ab658ca768bd2492af46

  • SHA1

    a6111b2b83f1fb0d89113e68fbdeacb715b6f874

  • SHA256

    cce693672e91fa6a614729d0c1b9cdd96afa589ecd6c8156f5444f38b4edf213

  • SHA512

    1d303a81679ef7150bfff0c3300e42519132508fc916b19ce428123684a1119b85787e4993cb599f7f1d3e6a1a5e4c03f18447a88cddc8b292c95e3a2ec70720

  • SSDEEP

    24576:OAHnh+eWsN3skA4RV1Hom2KXMmHaj9OnloMOBW5:5h+ZkldoPK8Yaj9omMOq

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://ftp.corpsa.net
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    -E~O8rekW5UT

Targets

    • Target

      cce693672e91fa6a614729d0c1b9cdd96afa589ecd6c8156f5444f38b4edf213.exe

    • Size

      1017KB

    • MD5

      300c66c99811ab658ca768bd2492af46

    • SHA1

      a6111b2b83f1fb0d89113e68fbdeacb715b6f874

    • SHA256

      cce693672e91fa6a614729d0c1b9cdd96afa589ecd6c8156f5444f38b4edf213

    • SHA512

      1d303a81679ef7150bfff0c3300e42519132508fc916b19ce428123684a1119b85787e4993cb599f7f1d3e6a1a5e4c03f18447a88cddc8b292c95e3a2ec70720

    • SSDEEP

      24576:OAHnh+eWsN3skA4RV1Hom2KXMmHaj9OnloMOBW5:5h+ZkldoPK8Yaj9omMOq

    • AgentTesla

      Agent Tesla is a .NET-based remote access tool (RAT) and information stealer; it harvests stored credentials and keystrokes and exfiltrates them over SMTP, FTP or HTTP (FTP in this sample, per the extracted config above).

    • Packed .NET executable (this signature fires mostly on AgentTesla v4 builds).

    • Accesses Microsoft Outlook profiles (stored mail-account settings are a credential-harvesting target)

    • Suspicious use of SetThreadContext (typical of process hollowing: a suspended process has its entry point redirected into an injected payload)
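
The extracted FTP config and the file hashes above are the indicators a responder would actually pivot on. The following script is an added example, not part of the sandbox report: it (1) checks a file's MD5/SHA1/SHA256 against the sample's hashes and (2) runs simple detection logic over a constructed, space-separated network log (DNS lookups, connections and captured FTP commands) for the exfiltration host, a port-21 connection following that lookup, and the extracted password appearing in a PASS command. The log format, the source host 10.0.0.14 and the resolved address 203.0.113.77 are constructed for the example; only the hashes, host, port and password come from the report. The username is not used because the report shows it obfuscated.

```python
"""Hunt for the AgentTesla sample above in local telemetry (added example)."""
import hashlib
import re

# Indicators copied from the report above.
KNOWN_HASHES = {
    "md5": "300c66c99811ab658ca768bd2492af46",
    "sha1": "a6111b2b83f1fb0d89113e68fbdeacb715b6f874",
    "sha256": "cce693672e91fa6a614729d0c1b9cdd96afa589ecd6c8156f5444f38b4edf213",
}
EXFIL_HOST = "ftp.corpsa.net"
EXFIL_PORT = 21
EXFIL_PASSWORD = "-E~O8rekW5UT"

# Constructed log lines (not from the report): a benign HTTPS connection,
# then the DNS lookup, FTP connection, login and upload of the stealer.
SAMPLE_LOG = """\
2024-05-22T04:31:07Z conn 10.0.0.14:51233 -> 93.184.216.34:443 tcp
2024-05-22T04:31:09Z dns 10.0.0.14 query ftp.corpsa.net
2024-05-22T04:31:10Z conn 10.0.0.14:51240 -> 203.0.113.77:21 tcp
2024-05-22T04:31:11Z ftp 10.0.0.14:51240 -> 203.0.113.77:21 USER someone@corpsa.net
2024-05-22T04:31:11Z ftp 10.0.0.14:51240 -> 203.0.113.77:21 PASS -E~O8rekW5UT
2024-05-22T04:31:12Z ftp 10.0.0.14:51240 -> 203.0.113.77:21 STOR harvested.html
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<kind>conn|dns|ftp) (?P<src>[\d.]+)(?::\d+)? "
    r"(?:-> (?P<dst>[\d.]+):(?P<dport>\d+))?\s*(?P<rest>.*)$"
)


def hash_bytes(data):
    """Compute the same digests the report lists, for a file's bytes."""
    return {name: hashlib.new(name, data).hexdigest() for name in KNOWN_HASHES}


def is_known_sample(data):
    """True only if every listed digest of `data` matches the report."""
    digests = hash_bytes(data)
    return all(digests[name] == value for name, value in KNOWN_HASHES.items())


def scan_log(text):
    """Return (timestamp, src, rule, detail) findings for exfil activity."""
    findings = []
    resolved_exfil_host = set()  # sources that looked up the exfil domain
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, kind, src, dport, rest = m["ts"], m["kind"], m["src"], m["dport"], m["rest"]
        if kind == "dns" and rest == f"query {EXFIL_HOST}":
            resolved_exfil_host.add(src)
            findings.append((ts, src, "dns_lookup_exfil_host", rest))
        elif kind == "conn" and dport and int(dport) == EXFIL_PORT and src in resolved_exfil_host:
            # A plain FTP connection right after resolving the C2 domain.
            findings.append((ts, src, "ftp_after_exfil_lookup", f"{m['dst']}:{dport}"))
        elif kind == "ftp":
            cmd, _, arg = rest.partition(" ")
            if cmd == "PASS" and arg == EXFIL_PASSWORD:
                # The extracted password is the highest-confidence indicator;
                # do not echo it into the alert.
                findings.append((ts, src, "agenttesla_exfil_credential", "PASS <redacted>"))
            elif cmd == "STOR" and src in resolved_exfil_host:
                findings.append((ts, src, "upload_to_exfil_host", arg))
    return findings


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(*finding)
```

The password match is the strongest signal because it is unique to this build's config, while a port-21 connection after a lookup of the domain still fires if the operator rotates the credential. When feeding real telemetry, note that many FTP log sources (Zeek's ftp.log among them) hide the password field by default, so the `PASS` rule may only work on raw captures.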

MITRE ATT&CK Matrix (ATT&CK v13)

Tasks