Overview

overview

10

Static

static

10

c685ab98e1...57.exe

windows7-x64

10

c685ab98e1...57.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c685ab98e1910af3a51286a6d68d706e2a7be5298f74c061f98b9e87e290d357.exe

  • Size

    2.0MB

  • Sample

    240524-b4q1kagh84

  • MD5

    d81b4a2a5f96fb13ba259a1fae296ace

  • SHA1

    ba47840dfff065356f10a05464c75c6a4cb70b7a

  • SHA256

    c685ab98e1910af3a51286a6d68d706e2a7be5298f74c061f98b9e87e290d357

  • SHA512

    586908b31e61657f9f55b914f5b3a5b232ea1d1219025d2765a8d5f5bf35aa127d610d82c597bc38ddc8d69167179f068949a72ae28ab2f9732f0b2f76ba7bb8

  • SSDEEP

    24576:kynjN3fi9dEoZR814OEQjls30eTFxmT4i8eMOq52tOXuq01dKqOFCBvx1prO:VjN3CdJ81nEQhs30eruqsrOFCBbprO

Score
10/10
agentteslakeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    mail.privateemail.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    BTwcMq@2

Targets

    • Target

      c685ab98e1910af3a51286a6d68d706e2a7be5298f74c061f98b9e87e290d357.exe

    • Size

      2.0MB

    • MD5

      d81b4a2a5f96fb13ba259a1fae296ace

    • SHA1

      ba47840dfff065356f10a05464c75c6a4cb70b7a

    • SHA256

      c685ab98e1910af3a51286a6d68d706e2a7be5298f74c061f98b9e87e290d357

    • SHA512

      586908b31e61657f9f55b914f5b3a5b232ea1d1219025d2765a8d5f5bf35aa127d610d82c597bc38ddc8d69167179f068949a72ae28ab2f9732f0b2f76ba7bb8

    • SSDEEP

      24576:kynjN3fi9dEoZR814OEQjls30eTFxmT4i8eMOq52tOXuq01dKqOFCBvx1prO:VjN3CdJ81nEQhs30eruqsrOFCBbprO

    Score
    10/10
    agentteslakeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Detect packed .NET executables. Mostly AgentTeslaV4.

    • Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.

    • Detects executables referencing Windows vault credential objects. Observed in infostealers

    • Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurreny wallets, etc. Observed in information stealers

    • Detects executables referencing many email and collaboration clients. Observed in information stealers

    • Detects executables referencing many file transfer clients. Observed in information stealers

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks