General

  • Target

    fbaf8a59ed3c6d18566b7e254f772870841bfd26224c5e851b7361eb892a4f35.exe

  • Size

    609KB

  • Sample

    240523-sd2g2sfb5w

  • MD5

    83c0f36678a5e58ebf700975abed6694

  • SHA1

    a91107d56aeafc100f1986421d2d487bdeacafa8

  • SHA256

    fbaf8a59ed3c6d18566b7e254f772870841bfd26224c5e851b7361eb892a4f35

  • SHA512

    fb0be5cafb518286bde8062a746802b4d7a7aaf25c28ff167b5026b947ba81cf8964cfbb1f11a0b462f57ac1e0a58180897eb6f5af0102f8d59184e20ab90b65

  • SSDEEP

    12288:E9Y2gi0zawwRO3XJWV47YLuzfG5XtOOdh6KbMhawlAUh:E9YJzBH4MA59zdE4MhawZ

Malware Config

Extracted

  • Family

    agenttesla

Extracted Credentials

  • Protocol:
    smtp
  • Host:
    business29.web-hosting.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    7.s8.{OnUP(S

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v13)

  • Persistence

    Boot or Logon Autostart Execution (T1547): 1
    Registry Run Keys / Startup Folder (T1547.001): 1

  • Privilege Escalation

    Boot or Logon Autostart Execution (T1547): 1
    Registry Run Keys / Startup Folder (T1547.001): 1

  • Defense Evasion

    Modify Registry (T1112): 1

Tasks